VYPR

BLUE

by Pro Face

CVEs (4)

  • CVE-2020-28221CriJan 26, 2021
    risk 0.64cvss 9.8epss 0.02

    A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.

  • CVE-2022-41671HigNov 4, 2022
    risk 0.46cvss 7.0epss 0.00

    A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of…

  • CVE-2022-41668HigNov 4, 2022
    risk 0.46cvss 7.0epss 0.00

    A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal…

  • CVE-2022-41666HigNov 4, 2022
    risk 0.46cvss 7.0epss 0.00

    A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or…