Search Results (810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-7480 1 Schneider-electric 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more 2024-11-21 9.8 Critical
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
CVE-2020-7479 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.
CVE-2020-7478 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.5 High
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.
CVE-2020-7476 1 Schneider-electric 1 Ulti Zigbee Installation Toolkit 2024-11-21 7.8 High
A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path.
CVE-2020-7475 1 Schneider-electric 6 Ecostruxure Control Expert, Modicon M340, Modicon M340 Firmware and 3 more 2024-11-21 9.8 Critical
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.
CVE-2020-7474 1 Schneider-electric 1 Pmepxm0100 Prosoft Configurator 2024-11-21 7.8 High
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL.
CVE-2020-28221 1 Schneider-electric 42 Ecostruxure Operator Terminal Expert, Gp-4104g, Gp-4104w and 39 more 2024-11-21 9.8 Critical
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
CVE-2020-28219 1 Schneider-electric 2 Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 2024-11-21 7.8 High
A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX.
CVE-2020-28218 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 6.5 Medium
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.
CVE-2020-28217 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.5 High
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.
CVE-2020-28216 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.5 High
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.
CVE-2020-28215 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 9.8 Critical
A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently.
CVE-2020-28213 1 Schneider-electric 1 Ecostruxure Control Expert 2024-11-21 8.8 High
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.
CVE-2020-28212 1 Schneider-electric 1 Ecostruxure Control Expert 2024-11-21 9.8 Critical
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.
CVE-2020-28211 1 Schneider-electric 1 Ecostruxure Control Expert 2024-11-21 7.8 High
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.
CVE-2020-10626 2 Fazecast, Schneider-electric 2 Jserialcomm, Ecostruxure It Gateway 2024-11-21 7.8 High
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
CVE-2019-6859 1 Schneider-electric 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more 2024-11-21 7.5 High
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.
CVE-2019-6858 1 Schneider-electric 1 Msx Configurator 2024-11-21 7.8 High
A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL.
CVE-2019-6855 1 Schneider-electric 44 Ecostruxure Control Expert, Modicon M340 Bmxp341000, Modicon M340 Bmxp341000 Firmware and 41 more 2024-11-21 7.3 High
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
CVE-2019-6854 1 Schneider-electric 1 Clearscada 2024-11-21 7.8 High
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.