Schneider-electric

Remoteconnect

8 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2024-12703

  • EPSS 0.35%
  • Published 17.01.2025 11:15:08
  • Last modified 17.01.2025 11:15:08

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file.

9.8

CVE-2022-26507

  • EPSS 6.7%
  • Published 14.04.2022 13:15:11
  • Last modified 21.11.2024 06:54:04

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, C...

9.3

CVE-2021-22797

  • EPSS 0.45%
  • Published 13.04.2022 16:15:09
  • Last modified 21.11.2024 05:50:41

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation ...

7.1

CVE-2021-22778

  • EPSS 0.05%
  • Published 14.07.2021 15:15:08
  • Last modified 21.11.2024 05:50:38

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS...

9.1

CVE-2021-22779

  • EPSS 0.12%
  • Published 14.07.2021 15:15:08
  • Last modified 21.11.2024 05:50:38

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all...

7.1

CVE-2021-22780

  • EPSS 0.05%
  • Published 14.07.2021 15:15:08
  • Last modified 21.11.2024 05:50:39

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS...

5.5

CVE-2021-22781

  • EPSS 0.05%
  • Published 14.07.2021 15:15:08
  • Last modified 21.11.2024 05:50:39

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS...

5.5

CVE-2021-22782

  • EPSS 0.02%
  • Published 14.07.2021 15:15:08
  • Last modified 21.11.2024 05:50:39

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS...