CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-7817 – Schneider Electric ZelioSoft2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7817
A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file. Existe una vulnerabilidad de uso de memoria previamente liberada (CWE-416) en Zelio Soft 2, en versiones v5.1 y anteriores, que podría provocar la ejecución remota de código al abrir un archivo de proyecto Zelio Soft especialmente manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric ZelioSoft 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZM2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • http://www.securityfocus.com/bid/106481 https://ics-cert.us-cert.gov/advisories/ICSA-19-008-01 https://www.schneider-electric.com/en/download/document/SEVD-2018-361-01 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7800
https://notcve.org/view.php?id=CVE-2018-7800
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. Existe una vulnerabilidad de credenciales embebidas en EVLink Parking, en versiones v3.2.0-12_v1 y anteriores, lo que podría permitir que un atacante obtenga acceso al dispositivo. • http://www.securityfocus.com/bid/106807 https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01 https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 0CVE-2018-7835 – Schneider Electric IIoT Monitor downloadCSV Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-7835
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. Existe una vulnerabilidad de limitación incorrecta de un nombre de ruta en un directorio restringido ("salto de directorio") en IIoT Monitor 3.1.38, lo que podría permitir el acceso a archivos disponibles para el usuario SYSTEM. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within downloadCSV.jsp servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/106484 https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7796
https://notcve.org/view.php?id=CVE-2018-7796
A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. Existe una vulnerabilidad de error en el búfer en PowerSuite 2, en todas las versiones publicadas (parches VW3A8104) que podría provocar un desbordamiento en la función memcpy, lo que conduce a la corrupción de los datos y a la inestabilidad del programa. • https://www.schneider-electric.com/en/download/document/SEVD-2018-351-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7832
https://notcve.org/view.php?id=CVE-2018-7832
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. Existe una vulnerabilidad de validación de entradas en Pro-Face GP-Pro EX, en versiones v4.08 y anteriores, lo que podría provocar la ejecución de archivos ejecutables arbitrarios cuando se inicia GP-Pro EX. • http://www.securityfocus.com/bid/106441 https://ics-cert.us-cert.gov/advisories/ICSA-19-003-01 https://www.schneider-electric.com/en/download/document/SEVD-2018-354-02 • CWE-20: Improper Input Validation •