CVE-2016-5815
https://notcve.org/view.php?id=CVE-2016-5815
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. • http://www.securityfocus.com/bid/94091 https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03 • CWE-284: Improper Access Control
CVE-2016-8352
https://notcve.org/view.php?id=CVE-2016-8352
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. • http://www.securityfocus.com/bid/94062 https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5157
https://notcve.org/view.php?id=CVE-2017-5157
An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code. • http://www.securityfocus.com/bid/95665 https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-8374
https://notcve.org/view.php?id=CVE-2016-8374
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION. • http://www.securityfocus.com/bid/94093 https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02 • CWE-400: Uncontrolled Resource Consumption
CVE-2016-5818
https://notcve.org/view.php?id=CVE-2016-5818
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. • http://www.securityfocus.com/bid/93602 https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01 • CWE-798: Use of Hard-coded Credentials