VYPR

SCADAPack RemoteConnect for x70

by Schneider Electric

CVEs (8)

  • CVE-2021-22797Mar 28, 2022
    risk 0.00cvss epss 0.26

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file…

  • CVE-2021-22782Jul 14, 2021
    risk 0.00cvss epss 0.00

    Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack…

  • CVE-2021-22781Jul 14, 2021
    risk 0.00cvss epss 0.00

    Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack…

  • CVE-2021-22780Jul 14, 2021
    risk 0.00cvss epss 0.00

    Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack…

  • CVE-2021-22778Jul 14, 2021
    risk 0.00cvss epss 0.00

    Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack…

  • CVE-2020-7531Sep 16, 2020
    risk 0.00cvss epss 0.01

    A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.

  • CVE-2020-7530Sep 16, 2020
    risk 0.00cvss epss 0.01

    A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders.

  • CVE-2020-7529Sep 16, 2020
    risk 0.00cvss epss 0.01

    A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.