Ecostruxure Operator Terminal Expert@3.3 Security Vulnerabilities and Issues — Ecostruxure Operator Terminal Expert@3.3 CVE List

Lucene search

Schneider-electricEcostruxure Operator Terminal Expert3.3

7 matches found

CVE•added 2022/11/04 3:15 p.m.•55 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Pro...

7.8CVSS7.8AI score0.00056EPSS

CVE•added 2022/11/04 12:15 p.m.•50 views

CVE-2022-41667

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotf...

7.8CVSS7.5AI score0.00046EPSS

CVE•added 2023/06/14 8:15 a.m.•48 views

CVE-2023-1049

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists thatcould cause execution of malicious code when an unsuspicious user loads a project file from thelocal filesystem into the HMI.

7.8CVSS7.7AI score0.00101EPSS

CVE•added 2022/11/04 5:15 a.m.•47 views

CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE...

7.8CVSS7.5AI score0.00042EPSS

CVE•added 2022/11/04 12:15 p.m.•47 views

CVE-2022-41668

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 ...

7.8CVSS7.5AI score0.00057EPSS

CVE•added 2022/11/04 2:15 p.m.•45 views

CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operat...

7.8CVSS7.4AI score0.00046EPSS

CVE•added 2022/11/04 1:15 p.m.•36 views

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hot...

7.8CVSS7.4AI score0.00023EPSS