76 matches found
CVE-2020-7493
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause malicious code execution when opening the project file...
CVE-2020-7495
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior formerly known as Vijeo XD which could cause unauthorized write access outside of expected pa...
EUVD-2020-28669
Malware in sbrugna...
EUVD-2020-28620
Malware in sbrugna...
EUVD-2022-44858
Malicious code in bioql PyPI...
CVE-2020-7544
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime Vijeo XD that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert...
CVE-2022-41668
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfix 1...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...
Schneider Electric EcoStruxure Operator Terminal Expert 代码注入漏洞
Schneider Electric EcoStruxure Operator Terminal Expert is a touch screen configuration software from Schneider Electric, France. This software branch is primarily used to create and edit touch applications. A code injection vulnerability exists in Schneider Electric EcoStruxure Operator Terminal...
The vulnerability of the SGIUtility component in the HMI terminal configuration software for Schneider Electric EcoStruxure Operator Terminal Expert and the SCADA Pro-face BLUE software allows a malicious individual to execute arbitrary code.
The vulnerability of the SGIUtility component in Schneider Electric’s HMI terminal configuration software, as well as in the SCADA Pro-face BLUE software, is related to improper handling of a path leading to a limited catalog. Exploiting this vulnerability could allow an attacker to execute...
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software allows a perpetrator to execute arbitrary codes.
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software is related to improper project conversion. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert HMI terminals and the SCADA Pro-face BLUE software allows a perpetrator to execute arbitrary codes.
The vulnerability of the software for configuring Schneider Electric EcoStruxure Operator Terminal Expert and the SCADA Pro-face BLUE software is related to improper bypassing of a limited catalog. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the SGIUtility component in the HMI terminal configuration software for Schneider Electric EcoStruxure Operator Terminal Expert and the SCADA Pro-face BLUE software allows a malicious individual to execute arbitrary code.
The vulnerability of the SGIUtility component in Schneider Electric’s HMI terminal configuration software, as well as in the SCADA Pro-face BLUE software, is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow an attacker to execute arbitrary...
CVE-2022-41671
A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...
CVE-2022-41671
A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...
Sql injection
A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
Path traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...