10 matches found
CVE-2015-0996
CVE-2015-0996 affects Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4). Root cause is a hard-coded, cleartext password used to control read access to Project files and Project Configuration files, enabling local atta...
CVE-2015-0997
Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4) expose an authentication flaw: the HMI UI lists all valid usernames, enabling remote brute-force access. Root cause involves use of hard-coded/cleartext credentials in...
CVE-2015-0999
The CVE-2015-0999 issue affects Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4, where OPC User credentials are stored in cleartext in configuration files. This enables local attackers with access to read the files to o...
CVE-2015-0998
CVE-2015-0998 affects Schneider Electric InduSoft Web Studio (before 7.1.3.4 SP3 Patch 4) and InTouch Machine Edition 2014 (before 7.1.3.4 SP3 Patch 4). The issue is cleartext transmission of credentials (CWE-319), enabling an attacker on an adjacent network to sniff sensitive information. Root c...
CVE-2022-28685
AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000) is affected by CVE-2022-28685, a Deserialization of untrusted data vulnerability in the APP file parsing path. The flaw arises from inadequate validation of user-supplied data, enabling arbitrary code execution when a victim opens a malicious APP ...
CVE-2022-28688
CVE-2022-28688 affects AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). The flaw is in how APP files are handled: the process loads a library from an unsecured location, enabling arbitrary code execution when a user visits a malicious page or opens a crafted file. Exploitation requires user int...
CVE-2022-28687
The CVE-2022-28687 entry covers AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). The described issue is in APP file handling where the process loads a library from an unsecured location, enabling arbitrary code execution in the context of the current process after user interaction (visiting a m...
CVE-2022-36969
CVE-2022-36969 affects AVEVA Edge 2020 R2 SP1 and earlier, exploiting an XXE flaw in LoadImportedLibraries that allows an attacker to disclose sensitive information within the current process. Technical details across sources consistently identify the flaw as improper restriction of XML External ...
CVE-2022-28686
Affected product: AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). Vulnerability in APP file handling where the process loads a library from an unsecured location, enabling arbitrary code execution with the user’s context after user interaction (malicious page/file). CVSS 3.1/3.0 base score 7.8...
CVE-2022-36970
CVE-2022-36970 affects AVEVA Edge 20.0 Build 4201.2111.1802.0000 Service Pack 2. The flaw lies in the processing of APP files, where crafted APP data can cause the application to execute arbitrary Visual Basic scripts. User interaction is required (visiting a malicious page or opening a malicious...