3 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Se presenta una vulnerabilidad de Administración de Privilegios Inapropiada en Schneider Electric Modbus Serial Driver (consulte la notificación de seguridad para las versiones) que podría causar una escalada de privilegios locales cuando el servicio Modbus Serial Driver es invocado. El controlador no asigna, modifica, rastrea o comprueba apropiadamente los privilegios de un actor, creando una esfera de control no prevista para ese actor • https://www.se.com/ww/en/download/document/SEVD-2020-224-01 • CWE-269: Improper Privilege Management •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. Existe una vulnerabilidad de tipo referencias a recurso controlado externamente (CWE-610) en Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 y anterior, para Windows 32-bit OS:V2.17 IE 27 y anterior, y como parte del Driver Suite versión:V14.12 y anterior), que podría permitir el acceso de escritura a los archivos del sistema disponibles solo para usuarios con privilegio SYSTEM u otros archivos de usuarios importantes. • https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 9.3EPSS: 11%CPEs: 21EXPL: 2

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. Múltiples desbordamientos de buffer basado en pila en ModbusDrv.exe en Schneider Electric Modbus Serial Driver 1.10 hasta 3.2 permiten a atacantes remotos ejecutar código arbitrario a través de un valor de tamaño de buffer grande en Modbus Application Header. SEIG Modbus version 3.4 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/45219 https://www.exploit-db.com/exploits/45220 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01 http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01 http://www.securityfocus.com/bid/66500 • CWE-787: Out-of-bounds Write •