Page 132 of 763 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-7971

https://notcve.org/view.php?id=CVE-2017-7971

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. Existe una vulnerabilidad en la versión 1.0 de PowerSCADA Anywhere de Schneider Electric redistribuida con PowerSCADA Expert 8.1, PowerSCADA Expert 8.2 y Citect Anywhere 1.0 que permite que se utilicen suites de cifrado obsoletas y se verifique incorrectamente el certificado Peer SSL. • http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01 http://www.securityfocus.com/bid/99913 https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere • CWE-295: Improper Certificate Validation •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-7972

https://notcve.org/view.php?id=CVE-2017-7972

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. Existe una vulnerabilidad en la versión 1.0 de PowerSCADA Anywhere de Schneider Electric redistribuida con PowerSCADA Expert 8.1, PowerSCADA Expert 8.2 y Citect Anywhere 1.0 que permite escaparse de las aplicaciones remotas de PowerSCADA Anywhere y ejecutar otros procesos. • http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01 http://www.securityfocus.com/bid/99913 https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-7969

https://notcve.org/view.php?id=CVE-2017-7969

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el componente Secure Gateway de PowerSCADA Anywhere v1.0 redistribuido con PowerSCADA Expert v8.1 y PowerSCADA Expert v8.2 y Citect Anywhere versión 1.0, de Schneider Electric para múltiples peticiones de cambio de estado. Este tipo de ataque requiere cierto nivel de ingeniería social para conseguir que un usuario legítimo haga clic o acceda a un enlace o página maliciosa que contenga el ataque CSRF. • http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01 http://www.securityfocus.com/bid/99913 https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9957

https://notcve.org/view.php?id=CVE-2017-9957

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. Existe una vulnerabilidad en las versiones 1.2.1 y anteriores del software de U.motion Builder de Schneider Electric en la que el servicio web contiene una cuenta de sistema oculta con una contraseña embebida. Un atacante podría utilizar esta información para conectarse al sistema con unas credenciales con privilegios elevados. • http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01 http://www.securityfocus.com/bid/99344 • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-9959

https://notcve.org/view.php?id=CVE-2017-9959

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. Existe una vulnerabilidad en las versiones 1.2.1 y anteriores del software de U.motion Builder de Schneider Electric en la que el sistema acepta el reinicio en una sesión por usuarios no autenticados, permitiendo que se realice una denegación de servicio. • http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01 http://www.securityfocus.com/bid/99344 •