| CVE-2014-5413 | medium | — | 6.4 | | | aveva, schneider-electric | 12y ago | Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryp… |
| CVE-2014-5412 | medium | — | 6.4 | | | aveva, schneider-electric | 12y ago | Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. |
| CVE-2014-5411 | medium | — | 4.9 | | | aveva, schneider-electric | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script … |
| CVE-2014-5407 | medium | — | 4.1 | | | schneider-electric | 12y ago | Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) distu… |
| CVE-2013-0662 | critical | — | 10.0 | EXP | | schneider-electric, schneider_electric | 12y ago | Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a … |
| CVE-2014-0774 | medium | — | 6.8 | | | schneider-electric | 12y ago | Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS3… |
| CVE-2014-0759 | medium | 5.9 | 5.9 | | | schneider-electric | 12y ago | Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed… |
| CVE-2013-2824 | high | — | 7.8 | | | schneider-electric | 12y ago | Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogi… |
| CVE-2013-2796 | medium | — | 6.9 | | | schneider-electric | 13y ago | Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet se… |
| CVE-2013-3075 | critical | — | 10.0 | EXP | | mitsubishi-automation, schneider-electric | 13y ago | Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code … |
| CVE-2013-0687 | medium | — | 6.6 | | | schneider-electric | 13y ago | The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and conseq… |
| CVE-2013-0658 | critical | — | 10.0 | EXP | | schneider-electric | 14y ago | Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. |
| CVE-2013-0657 | critical | — | 10.0 | EXP | | schneider-electric | 14y ago | Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does n… |
| CVE-2013-0655 | critical | — | 9.3 | | | schneider-electric | 14y ago | The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and conseq… |
| CVE-2011-5163 | medium | — | 4.6 | | | mitsubishi-automation, schneider-electric | 14y ago | Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary… |
| CVE-2012-1990 | medium | — | 5.3 | EXP | | schneider-electric | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvari… |
| CVE-2011-4861 | critical | — | 10.0 | | | schneider-electric | 15y ago | The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updat… |
| CVE-2011-4860 | critical | — | 10.0 | | | schneider-electric | 15y ago | The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing… |
| CVE-2011-4859 | critical | — | 10.0 | | | schneider-electric | 15y ago | The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB… |
| CVE-2011-4036 | medium | — | 5.0 | | | schneider-electric | 15y ago | Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arb… |
| CVE-2011-4035 | medium | — | 4.3 | | | schneider-electric | 15y ago | Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to i… |
| CVE-2011-4034 | critical | — | 10.0 | EXP | | schneider-electric | 15y ago | Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allo… |
| CVE-2011-4033 | medium | — | 4.3 | | | schneider-electric | 15y ago | Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allo… |
| CVE-2011-3330 | high | — | 7.2 | | | schneider-electric | 15y ago | Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 an… |
| CVE-2011-3144 | medium | — | 4.3 | | | aveva, schneider-electric | 15y ago | Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arb… |
| CVE-2011-3143 | critical | — | 10.0 | | | aveva, schneider-electric | 15y ago | Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of serv… |