Vendor CVEs
Schneider Electric
All CVEs
722 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34764 | 0.00 | — | 0.01 | Jul 13, 2022 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module… | |||
| CVE-2022-34763 | 0.00 | — | 0.00 | Jul 13, 2022 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and… | |||
| CVE-2022-34762 | 0.00 | — | 0.01 | Jul 13, 2022 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module… | |||
| CVE-2022-34761 | 0.00 | — | 0.01 | Jul 13, 2022 | A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module… | |||
| CVE-2022-34760 | 0.00 | — | 0.01 | Jul 13, 2022 | A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon… | |||
| CVE-2022-34759 | 0.00 | — | 0.01 | Jul 13, 2022 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100)… | |||
| CVE-2022-34758 | 0.00 | — | 0.00 | Jul 13, 2022 | A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior) | |||
| CVE-2022-34757 | 0.00 | — | 0.00 | Jul 13, 2022 | A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products:… | |||
| CVE-2022-34756 | 0.00 | — | 0.01 | Jul 13, 2022 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior) | |||
| CVE-2022-34754 | 0.00 | — | 0.00 | Jul 13, 2022 | A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior) | |||
| CVE-2022-32530 | 0.00 | — | 0.00 | Jun 24, 2022 | A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product:… | |||
| CVE-2022-30238 | 0.00 | — | 0.01 | Jun 2, 2022 | A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||
| CVE-2022-30237 | 0.00 | — | 0.00 | Jun 2, 2022 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||
| CVE-2022-30236 | 0.00 | — | 0.01 | Jun 2, 2022 | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||
| CVE-2022-30235 | 0.00 | — | 0.01 | Jun 2, 2022 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||
| CVE-2022-30234 | 0.00 | — | 0.01 | Jun 2, 2022 | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||
| CVE-2022-30233 | 0.00 | — | 0.01 | Jun 2, 2022 | A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||
| CVE-2022-30232 | 0.00 | — | 0.01 | Jun 2, 2022 | A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart,… | |||
| CVE-2021-30066 | 0.00 | — | 0.00 | Apr 3, 2022 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue… | |||
| CVE-2021-30065 | 0.00 | — | 0.01 | Apr 3, 2022 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401. | |||
| CVE-2021-30064 | 0.00 | — | 0.01 | Apr 3, 2022 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state). | |||
| CVE-2021-30063 | 0.00 | — | 0.01 | Apr 3, 2022 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. | |||
| CVE-2021-30062 | 0.00 | — | 0.01 | Apr 3, 2022 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. | |||
| CVE-2021-30061 | 0.00 | — | 0.00 | Apr 3, 2022 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. | |||
| CVE-2022-0221 | 0.00 | — | 0.01 | Mar 28, 2022 | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a… | |||
| CVE-2021-22797 | 0.00 | — | 0.26 | Mar 28, 2022 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file… | |||
| CVE-2021-22795 | 0.00 | — | 0.03 | Mar 28, 2022 | A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) | |||
| CVE-2021-22794 | 0.00 | — | 0.02 | Mar 28, 2022 | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) | |||
| CVE-2019-6834 | 0.00 | — | 0.01 | Mar 28, 2022 | A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected… | |||
| CVE-2022-24323 | 0.00 | — | 0.01 | Mar 9, 2022 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data.… | |||
| CVE-2022-24322 | 0.00 | — | 0.01 | Mar 9, 2022 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus… | |||
| CVE-2021-22783 | 0.00 | — | 0.00 | Mar 9, 2022 | A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions) | |||
| CVE-2022-22806 | 0.00 | — | 0.12 | Mar 9, 2022 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC… | |||
| CVE-2021-22824 | 0.00 | — | 0.14 | Feb 11, 2022 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data… | |||
| CVE-2021-22823 | 0.00 | — | 0.21 | Feb 11, 2022 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector… | |||
| CVE-2021-22800 | 0.00 | — | 0.01 | Feb 11, 2022 | A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior) | |||
| CVE-2021-22805 | 0.00 | — | 0.01 | Feb 11, 2022 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector… | |||
| CVE-2021-22804 | 0.00 | — | 0.01 | Feb 11, 2022 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product:… | |||
| CVE-2021-22803 | 0.00 | — | 0.02 | Feb 11, 2022 | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network.… | |||
| CVE-2021-22802 | 0.00 | — | 0.20 | Feb 11, 2022 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System… | |||
| CVE-2021-22801 | 0.00 | — | 0.01 | Feb 11, 2022 | A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) | |||
| CVE-2021-22806 | 0.00 | — | 0.01 | Feb 11, 2022 | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and… | |||
| CVE-2021-22796 | 0.00 | — | 0.01 | Feb 11, 2022 | A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) | |||
| CVE-2021-22748 | 0.00 | — | 0.02 | Feb 11, 2022 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) | |||
| CVE-2022-24321 | 0.00 | — | 0.01 | Feb 9, 2022 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All… | |||
| CVE-2021-22817 | 0.00 | — | 0.00 | Feb 9, 2022 | A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2… | |||
| CVE-2022-24320 | 0.00 | — | 0.01 | Feb 9, 2022 | A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All… | |||
| CVE-2022-24319 | 0.00 | — | 0.01 | Feb 9, 2022 | A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All… | |||
| CVE-2022-24318 | 0.00 | — | 0.00 | Feb 9, 2022 | A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions),… | |||
| CVE-2022-22812 | 0.00 | — | 0.01 | Feb 9, 2022 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected… |
- CVE-2022-34764Jul 13, 2022risk 0.00cvss —epss 0.01
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module…
- CVE-2022-34763Jul 13, 2022risk 0.00cvss —epss 0.00
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and…
- CVE-2022-34762Jul 13, 2022risk 0.00cvss —epss 0.01
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module…
- CVE-2022-34761Jul 13, 2022risk 0.00cvss —epss 0.01
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module…
- CVE-2022-34760Jul 13, 2022risk 0.00cvss —epss 0.01
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon…
- CVE-2022-34759Jul 13, 2022risk 0.00cvss —epss 0.01
A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100)…
- CVE-2022-34758Jul 13, 2022risk 0.00cvss —epss 0.00
A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)
- CVE-2022-34757Jul 13, 2022risk 0.00cvss —epss 0.00
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products:…
- CVE-2022-34756Jul 13, 2022risk 0.00cvss —epss 0.01
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)
- CVE-2022-34754Jul 13, 2022risk 0.00cvss —epss 0.00
A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)
- CVE-2022-32530Jun 24, 2022risk 0.00cvss —epss 0.00
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product:…
- CVE-2022-30238Jun 2, 2022risk 0.00cvss —epss 0.01
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
- CVE-2022-30237Jun 2, 2022risk 0.00cvss —epss 0.00
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
- CVE-2022-30236Jun 2, 2022risk 0.00cvss —epss 0.01
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
- CVE-2022-30235Jun 2, 2022risk 0.00cvss —epss 0.01
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
- CVE-2022-30234Jun 2, 2022risk 0.00cvss —epss 0.01
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
- CVE-2022-30233Jun 2, 2022risk 0.00cvss —epss 0.01
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
- CVE-2022-30232Jun 2, 2022risk 0.00cvss —epss 0.01
A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart,…
- CVE-2021-30066Apr 3, 2022risk 0.00cvss —epss 0.00
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue…
- CVE-2021-30065Apr 3, 2022risk 0.00cvss —epss 0.01
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.
- CVE-2021-30064Apr 3, 2022risk 0.00cvss —epss 0.01
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).
- CVE-2021-30063Apr 3, 2022risk 0.00cvss —epss 0.01
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.
- CVE-2021-30062Apr 3, 2022risk 0.00cvss —epss 0.01
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.
- CVE-2021-30061Apr 3, 2022risk 0.00cvss —epss 0.00
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.
- CVE-2022-0221Mar 28, 2022risk 0.00cvss —epss 0.01
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a…
- CVE-2021-22797Mar 28, 2022risk 0.00cvss —epss 0.26
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file…
- CVE-2021-22795Mar 28, 2022risk 0.00cvss —epss 0.03
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
- CVE-2021-22794Mar 28, 2022risk 0.00cvss —epss 0.02
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
- CVE-2019-6834Mar 28, 2022risk 0.00cvss —epss 0.01
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected…
- CVE-2022-24323Mar 9, 2022risk 0.00cvss —epss 0.01
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data.…
- CVE-2022-24322Mar 9, 2022risk 0.00cvss —epss 0.01
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus…
- CVE-2021-22783Mar 9, 2022risk 0.00cvss —epss 0.00
A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions)
- CVE-2022-22806Mar 9, 2022risk 0.00cvss —epss 0.12
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC…
- CVE-2021-22824Feb 11, 2022risk 0.00cvss —epss 0.14
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data…
- CVE-2021-22823Feb 11, 2022risk 0.00cvss —epss 0.21
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector…
- CVE-2021-22800Feb 11, 2022risk 0.00cvss —epss 0.01
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)
- CVE-2021-22805Feb 11, 2022risk 0.00cvss —epss 0.01
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector…
- CVE-2021-22804Feb 11, 2022risk 0.00cvss —epss 0.01
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product:…
- CVE-2021-22803Feb 11, 2022risk 0.00cvss —epss 0.02
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network.…
- CVE-2021-22802Feb 11, 2022risk 0.00cvss —epss 0.20
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System…
- CVE-2021-22801Feb 11, 2022risk 0.00cvss —epss 0.01
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions)
- CVE-2021-22806Feb 11, 2022risk 0.00cvss —epss 0.01
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and…
- CVE-2021-22796Feb 11, 2022risk 0.00cvss —epss 0.01
A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)
- CVE-2021-22748Feb 11, 2022risk 0.00cvss —epss 0.02
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)
- CVE-2022-24321Feb 9, 2022risk 0.00cvss —epss 0.01
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All…
- CVE-2021-22817Feb 9, 2022risk 0.00cvss —epss 0.00
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2…
- CVE-2022-24320Feb 9, 2022risk 0.00cvss —epss 0.01
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All…
- CVE-2022-24319Feb 9, 2022risk 0.00cvss —epss 0.01
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All…
- CVE-2022-24318Feb 9, 2022risk 0.00cvss —epss 0.00
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions),…
- CVE-2022-22812Feb 9, 2022risk 0.00cvss —epss 0.01
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected…
Page 8 of 15