Schneider-electric

Ecostruxure Operator Terminal Expert

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2023-1049

  • EPSS 0.1%
  • Published 14.06.2023 08:15:08
  • Last modified 21.11.2024 07:38:21

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.

7.8

CVE-2022-41671

  • EPSS 0.07%
  • Published 04.11.2022 15:15:10
  • Last modified 21.11.2024 07:23:36

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could re...

7.8

CVE-2022-41670

  • EPSS 0.06%
  • Published 04.11.2022 14:15:10
  • Last modified 21.11.2024 07:23:36

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of mali...

7.8

CVE-2022-41669

  • EPSS 0.03%
  • Published 04.11.2022 13:15:11
  • Last modified 21.11.2024 07:23:36

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Produc...

7.8

CVE-2022-41668

  • EPSS 0.07%
  • Published 04.11.2022 12:15:20
  • Last modified 21.11.2024 07:23:36

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: Ec...

7.8

CVE-2022-41667

  • EPSS 0.06%
  • Published 04.11.2022 12:15:19
  • Last modified 21.11.2024 07:23:36

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Product...

7.8

CVE-2022-41666

  • EPSS 0.05%
  • Published 04.11.2022 05:15:09
  • Last modified 21.11.2024 07:23:36

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Termi...

9.8

CVE-2020-28221

  • EPSS 0.92%
  • Published 26.01.2021 18:15:47
  • Last modified 21.11.2024 05:22:30

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HM...

7.8

CVE-2020-7493

  • EPSS 0.34%
  • Published 16.06.2020 20:15:14
  • Last modified 21.11.2024 05:37:15

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code exe...

7.8

CVE-2020-7494

  • EPSS 0.43%
  • Published 16.06.2020 20:15:14
  • Last modified 21.11.2024 05:37:15

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution...