Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-7777

Summary
Assigner-schneider
Assigner Org ID-076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At-03 Jul, 2018 | 14:00
Updated At-17 Sep, 2024 | 03:23
Rejected At-
Credits

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:schneider
Assigner Org ID:076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At:03 Jul, 2018 | 14:00
Updated At:17 Sep, 2024 | 03:23
Rejected At:
▼CVE Numbering Authority (CNA)

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.

Affected Products
Vendor
Schneider Electric SESchneider Electric SE
Product
U.Motion
Versions
Affected
  • U.motion Builder Software, all versions prior to v1.3.4
Problem Types
TypeCWE IDDescription
textN/ASamba Remote Code Execution
Type: text
CWE ID: N/A
Description: Samba Remote Code Execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/
x_refsource_CONFIRM
http://packetstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
x_refsource_MISC
Hyperlink: https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/
Resource:
x_refsource_CONFIRM
Hyperlink: http://packetstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/
x_refsource_CONFIRM
x_transferred
http://packetstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://packetstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@se.com
Published At:03 Jul, 2018 | 14:29
Updated At:03 Feb, 2020 | 19:15

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Schneider Electric SE
schneider-electric
>>u.motion_builder>>Versions before 1.3.4(exclusive)
cpe:2.3:a:schneider-electric:u.motion_builder:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.htmlcybersecurity@se.com
N/A
https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/cybersecurity@se.com
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/156184/Schneider-Electric-U.Motion-Builder-1.3.4-Command-Injection.html
Source: cybersecurity@se.com
Resource: N/A
Hyperlink: https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/
Source: cybersecurity@se.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

445Records found
CVE-2018-7832
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-1.28% / 78.71%
||
7 Day CHG~0.00%
Published-24 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.

Action-Not Available
Vendor-
Product-pro-face_gp-pro_exPro-Face GP-Pro EX v4.08 and previous versions
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30232
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-8||HIGH
EPSS-0.62% / 69.11%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 22:45
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

Action-Not Available
Vendor-
Product-powerlogic_ion_setup_firmwarepowerlogic_ion_setupPower Logic ION Setup
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7806
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-30 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.

Action-Not Available
Vendor-
Product-struxureware_data_center_operationData Center Operation all versions
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-7802
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.87% / 74.24%
||
7 Day CHG~0.00%
Published-24 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.

Action-Not Available
Vendor-
Product-evlink_parkingevlink_parking_firmwareEVLink Parking v3.2.0-12_v1 and earlier
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7782
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.41%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareimp319-1eribp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimps110-1_firmwareibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimps110-1imp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1erimp319-1Pelco Sarix Professional V1
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-7807
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-30 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.

Action-Not Available
Vendor-
Product-struxureware_data_center_expertData Center Expert versions 7.5.0 and earlier
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-7829
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.62% / 69.20%
||
7 Day CHG-0.03%
Published-22 May, 2019 | 19:35
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.

Action-Not Available
Vendor-n/a
Product-ime219-1ep_firmwareime119-1esime319-1ei_firmwareime219-1vi_firmwareime3122-1vp_firmwareime219-1vs_firmwareime319-1vs_firmwareime219-1esd6220ime219-1vp_firmwareixe31imes19-1eiime3122-1vpimes19-1sime3122-1epime219-1viimes19-1esime319-1eiime3122-1iimes19-1ep_firmwareimes19-1es_firmwared6220_firmwareime3122-b1iimes19-1s_firmwareime3122-b1s_firmwareime119-1vi_firmwared6230_firmwareime319-1s_firmwareime319-b1p_firmwareime319-1pime3122-b1pime319-1ep_firmwareime319-1vsime119-1vp_firmwareime219-1vpime219-1iime3122-1esixe21_firmwareime319-1p_firmwareime3122-1i_firmwareime319-1viimes19-1vsime119-1viimes19-1vp_firmwareime119-1pime3122-1vs_firmwareime219-1es_firmwareime319-1vpimes19-1vpime3122-1eiime319-b1s_firmwareimes19-1ei_firmwareime119-1ei_firmwareime219-1pixe11_firmwareime3122-1ei_firmwareime119-1vpime319-b1iixe31_firmwareime119-1vs_firmwareixes1ime219-1p_firmwareime3122-1ep_firmwareime3122-1vi_firmwareime219-1s_firmwareime119-1vsime119-1es_firmwareimes19-1epime219-1epime319-1vi_firmwareime119-1i_firmwareime119-1eiime319-1iimes19-1iime319-b1sime3122-1p_firmwareimes19-1vi_firmwareimes19-1vs_firmwareime3122-1sime119-1iimes19-1viimes19-1i_firmwareime319-1vp_firmwareime319-1i_firmwareimes19-1pime219-1sime319-b1i_firmwareime3122-1s_firmwareime219-1i_firmwareime3122-1viixe21d6230lime119-1p_firmwareime219-1eiime319-1es_firmwared6230l_firmwareime319-b1pime319-1esd6230ime3122-b1sime219-1ei_firmwareime119-1epd6220lime3122-1vsime219-1vsimes19-1p_firmwareime319-1epime3122-1es_firmwareime119-1sime119-1ep_firmwared6220l_firmwareixes1_firmwareime3122-b1i_firmwareime3122-b1p_firmwareime319-1sixe11ime119-1s_firmwareime3122-1pPelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ
CWE ID-CWE-943
Improper Neutralization of Special Elements in Data Query Logic
CVE-2018-7826
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-1.05% / 76.63%
||
7 Day CHG-0.06%
Published-22 May, 2019 | 19:33
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.

Action-Not Available
Vendor-n/a
Product-ime219-1ep_firmwareime119-1esime319-1ei_firmwareime219-1vi_firmwareime3122-1vp_firmwareime219-1vs_firmwareime319-1vs_firmwareime219-1esd6220ime219-1vp_firmwareixe31imes19-1eiime3122-1vpimes19-1sime3122-1epime219-1viimes19-1esime319-1eiime3122-1iimes19-1ep_firmwareimes19-1es_firmwared6220_firmwareime3122-b1iimes19-1s_firmwareime3122-b1s_firmwareime119-1vi_firmwared6230_firmwareime319-1s_firmwareime319-b1p_firmwareime319-1pime3122-b1pime319-1ep_firmwareime319-1vsime119-1vp_firmwareime219-1vpime219-1iime3122-1esixe21_firmwareime319-1p_firmwareime3122-1i_firmwareime319-1viimes19-1vsime119-1viimes19-1vp_firmwareime119-1pime3122-1vs_firmwareime219-1es_firmwareime319-1vpimes19-1vpime3122-1eiime319-b1s_firmwareimes19-1ei_firmwareime119-1ei_firmwareime219-1pixe11_firmwareime3122-1ei_firmwareime119-1vpime319-b1iixe31_firmwareime119-1vs_firmwareixes1ime219-1p_firmwareime3122-1ep_firmwareime3122-1vi_firmwareime219-1s_firmwareime119-1vsime119-1es_firmwareimes19-1epime219-1epime319-1vi_firmwareime119-1i_firmwareime119-1eiime319-1iimes19-1iime319-b1sime3122-1p_firmwareimes19-1vi_firmwareimes19-1vs_firmwareime3122-1sime119-1iimes19-1viimes19-1i_firmwareime319-1vp_firmwareime319-1i_firmwareimes19-1pime219-1sime319-b1i_firmwareime3122-1s_firmwareime219-1i_firmwareime3122-1viixe21d6230lime119-1p_firmwareime219-1eiime319-1es_firmwared6230l_firmwareime319-b1pime319-1esd6230ime3122-b1sime219-1ei_firmwareime119-1epd6220lime3122-1vsime219-1vsimes19-1p_firmwareime319-1epime3122-1es_firmwareime119-1sime119-1ep_firmwared6220l_firmwareixes1_firmwareime3122-b1i_firmwareime3122-b1p_firmwareime319-1sixe11ime119-1s_firmwareime3122-1pPelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-7781
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.98%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareimp319-1eribp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimps110-1_firmwareibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimps110-1imp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1erimp319-1Pelco Sarix Professional V1
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2018-7240
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.11%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 20:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.

Action-Not Available
Vendor-
Product-140cpu65160c140cpu65150140cpu65160c_firmware140cpu65160s140cpu65260_firmware140cpu65160_firmware140cpu65160s_firmware140cpu65860_firmware140cpu43412uc_firmware140cpu65860140cpu65260c140cpu65150c140cpu43412u_firmware140cpu31110140cpu65160140cpu65150c_firmware140cpu65260c_firmware140cpu65150_firmware140cpu65860c140cpu31110_firmware140cpu31110c140cpu65260140cpu31110c_firmware140cpu43412u140cpu43412uc140cpu65860c_firmwareModicon Quantum
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7825
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-1.05% / 76.63%
||
7 Day CHG-0.06%
Published-22 May, 2019 | 19:32
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.

Action-Not Available
Vendor-n/a
Product-ime219-1ep_firmwareime119-1esime319-1ei_firmwareime219-1vi_firmwareime3122-1vp_firmwareime219-1vs_firmwareime319-1vs_firmwareime219-1esd6220ime219-1vp_firmwareixe31imes19-1eiime3122-1vpimes19-1sime3122-1epime219-1viimes19-1esime319-1eiime3122-1iimes19-1ep_firmwareimes19-1es_firmwared6220_firmwareime3122-b1iimes19-1s_firmwareime3122-b1s_firmwareime119-1vi_firmwared6230_firmwareime319-1s_firmwareime319-b1p_firmwareime319-1pime3122-b1pime319-1ep_firmwareime319-1vsime119-1vp_firmwareime219-1vpime219-1iime3122-1esixe21_firmwareime319-1p_firmwareime3122-1i_firmwareime319-1viimes19-1vsime119-1viimes19-1vp_firmwareime119-1pime3122-1vs_firmwareime219-1es_firmwareime319-1vpimes19-1vpime3122-1eiime319-b1s_firmwareimes19-1ei_firmwareime119-1ei_firmwareime219-1pixe11_firmwareime3122-1ei_firmwareime119-1vpime319-b1iixe31_firmwareime119-1vs_firmwareixes1ime219-1p_firmwareime3122-1ep_firmwareime3122-1vi_firmwareime219-1s_firmwareime119-1vsime119-1es_firmwareimes19-1epime219-1epime319-1vi_firmwareime119-1i_firmwareime119-1eiime319-1iimes19-1iime319-b1sime3122-1p_firmwareimes19-1vi_firmwareimes19-1vs_firmwareime3122-1sime119-1iimes19-1viimes19-1i_firmwareime319-1vp_firmwareime319-1i_firmwareimes19-1pime219-1sime319-b1i_firmwareime3122-1s_firmwareime219-1i_firmwareime3122-1viixe21d6230lime119-1p_firmwareime219-1eiime319-1es_firmwared6230l_firmwareime319-b1pime319-1esd6230ime3122-b1sime219-1ei_firmwareime119-1epd6220lime3122-1vsime219-1vsimes19-1p_firmwareime319-1epime3122-1es_firmwareime119-1sime119-1ep_firmwared6220l_firmwareixes1_firmwareime3122-b1i_firmwareime3122-b1p_firmwareime319-1sixe11ime119-1s_firmwareime3122-1pPelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-22735
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-0.84% / 73.83%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:19
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device.

Action-Not Available
Vendor-n/a
Product-homelynkspacelynk_firmwarehomelynk_firmwarespacelynkhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-22717
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-17.68% / 94.84%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:31
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files.

Action-Not Available
Vendor-n/a
Product-c-bus_toolkitC-Bus Toolkit V1.15.7 and prior
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22720
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-12.00% / 93.51%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:32
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.

Action-Not Available
Vendor-n/a
Product-c-bus_toolkitC-Bus Toolkit V1.15.7 and prior
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22748
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-3.80% / 87.63%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)

Action-Not Available
Vendor-n/a
Product-c-bus_toolkitC-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22734
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-0.84% / 73.83%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:19
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code.

Action-Not Available
Vendor-n/a
Product-homelynkspacelynk_firmwarehomelynk_firmwarespacelynkhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-7509
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-0.40% / 59.80%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:44
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (Firmware version 1.5.2 and older)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7547
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.22%
||
7 Day CHG~0.00%
Published-01 Dec, 2020 | 14:44
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.

Action-Not Available
Vendor-n/a
Product-ecostruxure_energy_expertpower_managerpowerscada_expert_with_advanced_reporting_and_dashboardspowerscada_operation_with_advanced_reporting_and_dashboardsecostruxure_power_monitoring_expertEcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
CWE ID-CWE-284
Improper Access Control
CVE-2020-7545
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-0.46% / 63.23%
||
7 Day CHG~0.00%
Published-01 Dec, 2020 | 14:44
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

Action-Not Available
Vendor-n/a
Product-ecostruxure_energy_expertpower_managerpowerscada_expert_with_advanced_reporting_and_dashboardspowerscada_operation_with_advanced_reporting_and_dashboardsecostruxure_power_monitoring_expertEcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information)
CWE ID-CWE-284
Improper Access Control
CVE-2020-7501
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.76%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:40
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.

Action-Not Available
Vendor-n/a
Product-vijeo_designerVijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-7564
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-1.23% / 78.36%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 13:51
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.

Action-Not Available
Vendor-n/a
Product-modicon_quantum_140cpu65150c_firmwaremodicon_m340_bmx_p34-2010_firmwaremodicon_m340_bmx_noe_0100h_firmwaremodicon_tsxp575634modicon_quantum_140noe77101_firmwaremodicon_m340_bmx_noc_0401modicon_quantum_140cpu65160c_firmwaremodicon_tsxp576634_firmwaremodicon_tsxety5103modicon_tsxp576634modicon_quantum_140cpu65160modicon_quantum_140noe77111_firmwaremodicon_tsxp575634_firmwaremodicon_m340_bmx_noe_0110hmodicon_quantum_140cpu65160_firmwaremodicon_m340_bmx_noe_0100_firmwaremodicon_m340_bmx_noe_0110_firmwaremodicon_m340_bmx_noe_0110h_firmwaremodicon_quantum_140cpu65160cmodicon_m340_bmx_nor_0200hmodicon_quantum_140cpu65150_firmwaremodicon_m340_bmx_p34-2030modicon_quantum_140cpu65150cmodicon_quantum_140cpu65150modicon_tsxety5103_firmwaremodicon_quantum_140noe77101modicon_m340_bmx_noc_0401_firmwaremodicon_m340_bmx_noe_0100hmodicon_tsxety4103modicon_m340_bmx_noe_0110modicon_quantum_140noc78100modicon_m340_bmx_noe_0100modicon_tsxp574634_firmwaremodicon_quantum_140noc78100_firmwaremodicon_m340_bmx_nor_0200h_firmwaremodicon_quantum_140noe77111modicon_m340_bmx_p34-2010modicon_m340_bmx_p34-2030_firmwaremodicon_tsxety4103_firmwaremodicon_tsxp574634Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-7530
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.36%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:40
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders.

Action-Not Available
Vendor-n/a
Product-scadapack_7x_remote_connectSCADAPack 7x Remote Connect V3.6.3.574 and prior.
CWE ID-CWE-285
Improper Authorization
CVE-2020-28213
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.64%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:03
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

Action-Not Available
Vendor-n/a
Product-ecostruxure_control_expertPLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2019-6810
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.64%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:52
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.

Action-Not Available
Vendor-
Product-bmxnor0200h_firmwarebmxnor0200hBMXNOR0200H Ethernet / Serial RTU module
CWE ID-CWE-284
Improper Access Control
CVE-2019-6839
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.40%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:17
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file.

Action-Not Available
Vendor-n/a
Product-meg6260-0415_firmwaremeg6260-0410meg6501-0001_firmwaremeg6501-0002meg6260-0410_firmwaremeg6501-0001meg6260-0415meg6501-0002_firmwareU.motion Servers (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, and MEG6260-0415 - U.motion KNX Server Plus, Touch 1)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-22719
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-15.63% / 94.43%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:32
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded.

Action-Not Available
Vendor-n/a
Product-c-bus_toolkitC-Bus Toolkit V1.15.7 and prior
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22708
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-0.24% / 47.65%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 10:41
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism.

Action-Not Available
Vendor-n/a
Product-evlink_city_evc1s22p4evlink_parking_evf2evlink_parking_evf2_firmwareevlink_parking_ev.2_firmwareevlink_parking_evw2evlink_city_evc1s22p4_firmwareevlink_city_evc1s7p4_firmwareevlink_smart_wallbox_evb1a_firmwareevlink_smart_wallbox_evb1aevlink_parking_evw2_firmwareevlink_parking_ev.2evlink_city_evc1s7p4EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-7572
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.02%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:02
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser.

Action-Not Available
Vendor-n/a
Product-webreportsEcoStruxure Building Operation WebReports V1.9 - V3.1
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-22793
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-0.54% / 66.75%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:53
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol.

Action-Not Available
Vendor-n/a
Product-accusine_pcsnaccusine_pcsn_active_harmonic_filter_firmwareaccusine_pcs\+accusine_pfv\+accusine_pcsp_pfvp_firmwareAccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-7563
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-1.04% / 76.55%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 13:50
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.

Action-Not Available
Vendor-n/a
Product-modicon_quantum_140cpu65150c_firmwaremodicon_m340_bmx_p34-2010_firmwaremodicon_m340_bmx_noe_0100h_firmwaremodicon_tsxp575634modicon_quantum_140noe77101_firmwaremodicon_m340_bmx_noc_0401modicon_quantum_140cpu65160c_firmwaremodicon_tsxp576634_firmwaremodicon_tsxety5103modicon_tsxp576634modicon_quantum_140cpu65160modicon_quantum_140noe77111_firmwaremodicon_tsxp575634_firmwaremodicon_m340_bmx_noe_0110hmodicon_quantum_140cpu65160_firmwaremodicon_m340_bmx_noe_0100_firmwaremodicon_m340_bmx_noe_0110_firmwaremodicon_m340_bmx_noe_0110h_firmwaremodicon_quantum_140cpu65160cmodicon_m340_bmx_nor_0200hmodicon_quantum_140cpu65150_firmwaremodicon_m340_bmx_p34-2030modicon_quantum_140cpu65150cmodicon_quantum_140cpu65150modicon_tsxety5103_firmwaremodicon_quantum_140noe77101modicon_m340_bmx_noc_0401_firmwaremodicon_m340_bmx_noe_0100hmodicon_tsxety4103modicon_m340_bmx_noe_0110modicon_quantum_140noc78100modicon_m340_bmx_noe_0100modicon_tsxp574634_firmwaremodicon_quantum_140noc78100_firmwaremodicon_m340_bmx_nor_0200h_firmwaremodicon_quantum_140noe77111modicon_m340_bmx_p34-2010modicon_m340_bmx_p34-2030_firmwaremodicon_tsxety4103_firmwaremodicon_tsxp574634Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7569
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-1.49% / 80.26%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:02
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.

Action-Not Available
Vendor-n/a
Product-webreportsEcoStruxure Building Operation WebReports V1.9 - V3.1
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-7233
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.20% / 78.08%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7787
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.30%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-17 Sep, 2024 | 02:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.

Action-Not Available
Vendor-
Product-u.motion_builderU.motion Builder
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7237
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 66.16%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7235
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7232
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.20% / 78.08%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-17 Sep, 2024 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7761
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.83%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 20:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.

Action-Not Available
Vendor-
Product-140cpu65160ctsxp573634mmodicon_m340_bmxp3420302h_firmware140cpu65160_firmwaretsxh5744m_firmwaremodicon_m340_bmxp342020h_firmwaretsxh5744m140cpu65160s_firmwaretsxp571634mcmodicon_m340_bmxp3420102cltsxp574634m_firmwaremodicon_m340_bmxp3420302_firmwaretsxp575634mtsxh5724mc_firmwaretsxp57304mc140cpu65860tsxp575634mc140cpu65160modicon_m340_bmxp3420302cl_firmwaretsxh5744mc_firmwaretsxp573634mc_firmwaremodicon_m340_bmxp342020_firmwaretsxp57454m_firmwaretsxp57254m_firmwaremodicon_m340_bmxp3420102_firmwaretsxp572634mtsxp57554mc_firmwaretsxp574634mtsxh5724mtsxp57304m_firmwaretsxp571634mc_firmwaretsxp57454mcmodicon_m340_bmxp341000h140cpu65160sbmxnor0200_firmwaremodicon_m340_bmxp3420302clbmxnor0200htsxp574634mc_firmwaretsxp57154mctsxp57154m_firmwaretsxp57154mtsxp576634mtsxh5744mctsxp57204mcmodicon_m340_bmxp342020140cpu31110modicon_m340_bmxp342020htsxp57354mc_firmwaretsxp57104m140cpu65150c_firmwaretsxp57354m140cpu65150_firmwaremodicon_m340_bmxp342000_firmware140cpu65860cbmxnor0200h_firmwaretsxp57204m_firmwaretsxp57204m140cpu65260tsxp571634m_firmwaretsxp573634mc140cpu43412uc140cpu65150tsxp571634mtsxp57304mc_firmware140cpu65860_firmwarebmxnor0200modicon_m340_bmxp341000h_firmware140cpu65260ctsxp57354mc140cpu65150c140cpu43412u_firmwaretsxh5724m_firmwaremodicon_m340_bmxp342000tsxp575634m_firmwaretsxp573634m_firmwaretsxp57204mc_firmwaretsxp57104mc_firmwaremodicon_m340_bmxp341000tsxh5724mc140cpu65260c_firmwaretsxp57254mc_firmware140cpu31110_firmware140cpu31110ctsxp57304mtsxp576634mcmodicon_m340_bmxp3420302htsxp574634mcmodicon_m340_bmxp3420102cl_firmwaretsxp572634mc_firmwaretsxp57454mc_firmwaretsxp576634mc_firmwaretsxp57554mctsxp575634mc_firmware140cpu65160c_firmwaretsxp576634m_firmware140cpu65260_firmwaremodicon_m340_bmxp3420302140cpu43412uc_firmwaretsxp57454mtsxp572634mcmodicon_m340_bmxp341000_firmwaretsxp57254mtsxp57104m_firmwaretsxp572634m_firmwaretsxp57554mtsxp57254mctsxp57354m_firmwaretsxp57104mctsxp57554m_firmwaremodicon_m340_bmxp3420102140cpu31110c_firmware140cpu43412utsxp57154mc_firmware140cpu65860c_firmwareModicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7231
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.20% / 78.08%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-16 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-20
Improper Input Validation
CVE-2018-7784
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.09%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 14:00
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.

Action-Not Available
Vendor-
Product-u.motionU.motion Builder
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22768
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 68.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:40
Updated-03 Aug, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767

Action-Not Available
Vendor-n/a
Product-powerlogic_egx300_firmwarepowerlogic_egx100powerlogic_egx100_firmwarepowerlogic_egx300PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22765
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.57%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:40
Updated-03 Aug, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet

Action-Not Available
Vendor-n/a
Product-powerlogic_egx300_firmwarepowerlogic_egx100powerlogic_egx100_firmwarepowerlogic_egx300PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22827
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.58%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions

Action-Not Available
Vendor-n/a
Product-ecostruxure_power_monitoring_expertn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22826
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.89%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions

Action-Not Available
Vendor-n/a
Product-ecostruxure_power_monitoring_expertn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22699
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.00%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:19
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.

Action-Not Available
Vendor-n/a
Product-modicon_m241modicon_m241_firmwaremodicon_m251_firmwaremodicon_m251Modicon M241/M251 logic controllers firmware prior to V5.1.9.1
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6143
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5||MEDIUM
EPSS-0.46% / 62.90%
||
7 Day CHG~0.00%
Published-31 Jan, 2014 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-telvent_sage_3030_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0655
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||HIGH
EPSS-1.58% / 80.85%
||
7 Day CHG~0.00%
Published-21 Jan, 2013 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-software_update_utilityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6021
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.64%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 14:00
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-AVEVA
Product-clearscadaClearSCADA
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34758
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-5.1||MEDIUM
EPSS-0.30% / 52.85%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:10
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)

Action-Not Available
Vendor-
Product-easergy_p5_firmwareeasergy_p5Easergy P5
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7504
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.46%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:42
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (Firmware version 1.5.2 and older)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-29410
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-0.12% / 31.06%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 21:13
Updated-05 Feb, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.

Action-Not Available
Vendor-Schneider Electric SE
Product-insightfacility_firmwareinsighthomeconext_gateway_firmwareinsightfacilityconext_gatewayinsighthome_firmwareInsightFacilityInsightHomeConext Gateway
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found