14 matches found
EUVD-2022-44857
Malicious code in bioql PyPI...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
The vulnerability of the SGIUtility component in the HMI terminal configuration software for Schneider Electric EcoStruxure Operator Terminal Expert and the SCADA Pro-face BLUE software allows a malicious individual to execute arbitrary code.
The vulnerability of the SGIUtility component in Schneider Electric’s HMI terminal configuration software, as well as in the SCADA Pro-face BLUE software, is related to improper handling of a path leading to a limited catalog. Exploiting this vulnerability could allow an attacker to execute...
The vulnerability of the SGIUtility component in the HMI terminal configuration software for Schneider Electric EcoStruxure Operator Terminal Expert and the SCADA Pro-face BLUE software allows a malicious individual to execute arbitrary code.
The vulnerability of the SGIUtility component in Schneider Electric’s HMI terminal configuration software, as well as in the SCADA Pro-face BLUE software, is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow an attacker to execute arbitrary...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
Information disclosure
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
CVE-2022-41670
CVE-2022-41670 describes a path traversal vulnerability in the SGIUtility component that could allow local-privilege attackers to load a malicious DLL and execute code. Affected: EcoStruxure Operator Terminal Expert (V3.3 Hotfix 1 or prior) and Pro-face BLUE (V3.3 Hotfix 1 or prior). Root cause: ...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
CVE-2022-41669
Schneider Electric EcoStruxure Operator Terminal Expert and Pro-face BLUE are affected by CVE-2022-41669 due to improper verification of cryptographic signatures in the SGIUtility component. An attacker with local user privileges can load a malicious DLL, potentially executing arbitrary code on t...
PT-2022-6468 · Schneider Electric · Ecostruxure Operator Terminal Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Operator Terminal Expert versions prior to V3.3 Hotfix 1 Pro-face BLUE versions prior to V3.3 Hotfix 1 Description: The issue is related to an improper verification of cryptographic signature in the SGIUtility component. This coul...