VYPR

Software Update

by Schneider Electric

CVEs (4)

  • CVE-2018-7799HigNov 2, 2018
    risk 0.51cvss 7.8epss 0.03

    A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.

  • CVE-2019-6834HigApr 13, 2022
    risk 0.48cvss 7.3epss 0.01

    A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected…

  • CVE-2020-7520MedJul 23, 2020
    risk 0.31cvss 4.7epss 0.01

    A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires…

  • CVE-2021-22799LowJan 28, 2022
    risk 0.25cvss 3.8epss 0.00

    A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0…