Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric ecostruxure operator terminal expert vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1049
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue 3.3
Schneider-electric Pro-face Blue
NA
CVE-2022-41671
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution ...
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue 3.3
Schneider-electric Pro-face Blue
NA
CVE-2022-41670
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected...
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue 3.3
Schneider-electric Pro-face Blue
NA
CVE-2022-41669
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Termi...
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue 3.3
Schneider-electric Pro-face Blue
NA
CVE-2022-41667
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Opera...
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue
Schneider-electric Pro-face Blue 3.3
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
NA
CVE-2022-41668
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Ex...
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue
Schneider-electric Pro-face Blue 3.3
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
NA
CVE-2022-41666
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or pr...
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue 3.3
Schneider-electric Pro-face Blue
9.3
CVSSv2
CVE-2020-28221
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
Schneider-electric Ecostruxure Operator Terminal Expert 3.1
Schneider-electric Pro-face Blue 3.1
6.8
CVSSv2
CVE-2020-7494
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the pr...
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Ecostruxure Operator Terminal Expert 3.1
4.3
CVSSv2
CVE-2020-7495
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized writ...
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Ecostruxure Operator Terminal Expert 3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »