25 matches found
EUVD-2013-2735
Malware in sbrugna...
CVE-2013-2796
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an...
CVE-2019-13537
The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash...
Buffer overflow
The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash...
CVE-2019-13537
The CVE-2019-13537 issue affects the IEC870IP driver used in AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation. The vulnerability is a stack-based buffer overflow in the IEC870IP driver (versions 4.14.02 and earlier) that could lead to a server-side crash. Red H...
AVEVA Vijeo Citect and Citect SCADA (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit --------- Begin Update A Part 1 of 5 --------- Vendor: AVEVA and Schneider Electric Equipment: AVEVA’s Vijeo Citect and Citect SCADA; Schneider Electric’s Power SCADA Operation --------- End Update A Part...
Schneider Electric Floating License Manager ICSA-19-192-07 Multiple Security Vulnerabilities
Description Schneider Electric Floating License Manager is prone to multiple security vulnerabilities Attackers can exploit these issues to shut down the affected device, denying service to legitimate users. Floating License Manager version 2.3.0.0 and prior are vulnerable. Technologies Affected...
CVE-2019-10981
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials...
Design/Logic Flaw
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials...
CVE-2019-10981
In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials...
CVE-2019-10981
The CVE-2019-10981 vulnerability affects AVEVA Vijeo Citect 7.30/7.40 and CitectSCADA 7.30/7.40, where an authenticated local user may access Citect user credentials due to Insufficiently Protected Credentials (CWE-522). Reported in ICS context with a CVSS v3 base score of 6.5 (local, low skill t...
AVEVA Vijeo Citect and CitectSCADA
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: Vijeo Citect and CitectSCADA Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a locally authenticated user to obtain...
CVE-2015-1014
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3....
CVE-2015-1014
CVE-2015-1014 affects Schneider Electric OPC Factory Server (OFS) 3.5 when used with SCADA Expert Vijeo Citect/CitectSCADA versions 7.20, 7.30, or 7.40. The vulnerability arises from DLL hijacking: a local user must load a crafted DLL into the system directory, and if the application opens that D...
AVEVA Vijeo Citect and Citect SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Software, LLC AVEVA Equipment: Vijeo Citect, Citect SCADA Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute...
Schneider Electric Floating License Manager Vulnerability
OVERVIEW Schneider Electric had become aware of an “unquoted service path” vulnerability in the Schneider Electric Floating License Manager, produced a patch Schneider Electric Security Notification SEVD 2014-015-01v3,...
CVE-2013-2824
Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to...
CVE-2013-2824
CVE-2013-2824 affects Schneider Electric StruxureWare SCADA Expert Vijeo Citect (v7.40), Vijeo Citect (v7.20–7.30SP1), CitectSCADA (v7.20–7.30SP1), StruxureWare PowerSCADA Expert (v7.30–7.30SR1), and PowerLogic SCADA (v7.20–7.20SR1). The issue is an exception-handling flaw that allows remote atta...
XXE
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an...
CVE-2013-2796
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an...