CVE-2023-2161
https://notcve.org/view.php?id=CVE-2023-2161
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded onto the software by a local user. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-129-01.pdf • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2015-1014
https://notcve.org/view.php?id=CVE-2015-1014
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. • https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01 • CWE-427: Uncontrolled Search Path Element
CVE-2013-0662 – SEIG Modbus 3.4 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2013-0662
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. SEIG Modbus version 3.4 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/45219 https://www.exploit-db.com/exploits/45220 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01 http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01 http://www.securityfocus.com/bid/66500 • CWE-787: Out-of-bounds Write
CVE-2014-0774 – Schneider Electric OPC Factory Server OFS Client Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0774
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric OFS Client. User interaction is required to exploit this vulnerability in that the target must load a malicious file. The specific flaw exists within the parsing of the configuration file. A crafted configuration file will result in an exploitable stack buffer overflow. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01 http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02 http://www.securityfocus.com/bid/65871 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3330
https://notcve.org/view.php?id=CVE-2011-3330
Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter. • http://secunia.com/advisories/46534 http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page http://www.securityfocus.com/bid/50319 http://www.securitytracker.com/id?1026234 http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/70882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer