CVSS: 7.5EPSS: 25%CPEs: 1EXPL: 0CVE-2015-0982 – Schneider Electric DS-NVs Rvctl.RVControl.1 SetText Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0982
Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en una DLL no especificada en Schneider Electric Pelco DS-NVs anterior a 7.8.90 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric DS-NVs. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Rvctl.RVControl.1 ActiveX Control in rvctl.dll. The control does not check the length of an attacker-supplied string in the SetText method before copying it into a fixed length buffer on the stack. • http://download.schneider-electric.com/files?p_File_Id=755516404&p_File_Name=SEVD-2015-065-01+Pelco+DS-NVs+Video+Mgmt+SW.pdf https://ics-cert.us-cert.gov/advisories/ICSA-15-071-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 15%CPEs: 4EXPL: 0CVE-2014-9200 – Schneider Electric SoMove Lite IsObjectModel RemoveParameter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-9200
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer basado en pila en un fichero DLL no especificado en un juego de desarrollo DTM en Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 y anteriores, CANopen Communication Library 1.0.2 y anteriores, EtherNet/IP Communication Library 1.0.0 y anteriores, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, y Xantrex DTMs permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMove Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IsObjectModel.ModelObject.1 ActiveX control in isObjectModel.dll. The control does not check the length of an attacker-supplied string in the RemoveParameter method before copying it into a fixed length buffer on the stack. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-009-01 http://www.securityfocus.com/bid/72335 https://ics-cert.us-cert.gov/advisories/ICSA-15-027-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-9197
https://notcve.org/view.php?id=CVE-2014-9197
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. Schneider Electric ETG3000 FactoryCast HMI Gateway con firmware anterior a 1.60 IR 04 almacena rde.jar bajo el root web sin suficiente control de acceso, lo que permite a atacantes remotos obtener información sensible de la instalación y la configuración a través de una solicitud directa. • https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-9198
https://notcve.org/view.php?id=CVE-2014-9198
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. El servidor FTP en Schneider Electric ETG3000 FactoryCast HMI Gateway con firmware hasta 1.60 IR 04 tienen credenciales embebidas, lo que facilita a atacantes remotos obtener el acceso a través de una sesión FTP. • http://www.securityfocus.com/bid/72258 http://www.securityfocus.com/bid/77765 https://ics-cert.us-cert.gov/advisories/ICSA-15-020-02 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2014-9190
https://notcve.org/view.php?id=CVE-2014-9190
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. Desbordamiento de buffer basado en pila en Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 y 11.0 permite a atacantes remotos ejecutar código arbitrario a través de una solicitud para un nombre de fichero que no existe. • https://ics-cert.us-cert.gov/advisories/ICSA-15-008-02 https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000104.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •