2 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-03.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 1

Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. Un desbordamiento de búfer basado en memoria dinámica ('heap') en RFManagerService.exe de Schneider Electric Accutech Manager v2.00.1 y anteriores, permite a atacantes remotos ejecutar código arbitrario a través de una solicitud HTTP manipulada. • https://www.exploit-db.com/exploits/24474 http://ics-cert.us-cert.gov/pdf/ICSA-13-043-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •