
CVE-2019-10981
https://notcve.org/view.php?id=CVE-2019-10981
31 May 2019 — In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials. En los sistemas Vijeo Citect versiones 7.30 y 7.40, y CitectSCADA versiones 7.30 y 7.40, ha sido identificada na vulnerabilidad que puede permitir el acceso a las credenciales de usuario de Citect por parte de un usuario local identificado • http://www.securityfocus.com/bid/108543 • CWE-522: Insufficiently Protected Credentials •

CVE-2015-1014
https://notcve.org/view.php?id=CVE-2015-1014
25 Mar 2019 — A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable... • https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01 • CWE-427: Uncontrolled Search Path Element •

CVE-2013-2824
https://notcve.org/view.php?id=CVE-2013-2824
26 Feb 2014 — Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet. Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 hasta 7.30SP1, CitectSCADA 7.20 hasta 7.30SP1, StruxureWare PowerSCADA Expert 7.30 has... • http://ics-cert.us-cert.gov/advisories/ICSA-13-350-01 •

CVE-2013-2796
https://notcve.org/view.php?id=CVE-2013-2796
09 Aug 2013 — Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Schneider Electric Vijeo Citect v7.20 y anteriores, CitectSCADA v7.20 y anteriores, y PowerLogic S... • http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-3075 – Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Heap Spray
https://notcve.org/view.php?id=CVE-2013-3075
19 Apr 2013 — Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Múltiples desbordamientos de búfer en ActUWzd.dll v1.0.0.1 en Mitsubishi MX componente 3, que distribuye en CitectFacilities Citect v7.10 y CitectSCADA v7.10r1, permite a atacantes remotos ejecutar código arbitrario... • https://www.exploit-db.com/exploits/24886 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-5163
https://notcve.org/view.php?id=CVE-2011-5163
15 Sep 2012 — Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. Desbordamiento de búfer en un componente de terceros no especificado en el módulo de ejecución por lote para Schneider Electric CitectSCADA anterior a v7.20 y Mitsubishi MX4 SCADA anterior a v7.20 permite a usuarios locales ejecutar código arbitrario a través de una c... • http://secunia.com/advisories/46779 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-4033
https://notcve.org/view.php?id=CVE-2011-4033
02 Dec 2011 — Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors. Desbordamiento de búfer en el control ActiveX TeeChart Steema, tal como se utiliza en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores, permite a atacantes r... • http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-4034
https://notcve.org/view.php?id=CVE-2011-4034
02 Dec 2011 — Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Desbordamiento de búfer en el control ActiveX TeeChart Steema, tal como se utiliza en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anterio... • http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-4035
https://notcve.org/view.php?id=CVE-2011-4035
02 Dec 2011 — Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores permite a atacantes remotos inyectar sec... • http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2011-4036
https://notcve.org/view.php?id=CVE-2011-4036
02 Dec 2011 — Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores permite a atacantes remotos leer ficheros arbitrarios a través de vectores no especificados. • http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •