CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2011-4861
https://notcve.org/view.php?id=CVE-2011-4861
The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502. La función modbus_125_handler del módulo Schneider Electric Quantum Ethernet del dispositivo NOE 771 (módulo Quantum 140NOE771*) permite a atacantes remotos instalar actualizaciones de firmware arbitrarias a través de un código de función MODBUS 125 al puerto TCP 502. • http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2011-4036
https://notcve.org/view.php?id=CVE-2011-4036
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores permite a atacantes remotos leer ficheros arbitrarios a través de vectores no especificados. • http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 39%CPEs: 8EXPL: 0CVE-2011-4034
https://notcve.org/view.php?id=CVE-2011-4034
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. Desbordamiento de búfer en el control ActiveX TeeChart Steema, tal como se utiliza en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio a través de vectores no especificados. • http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2011-4035
https://notcve.org/view.php?id=CVE-2011-4035
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2011-4033
https://notcve.org/view.php?id=CVE-2011-4033
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors. Desbordamiento de búfer en el control ActiveX TeeChart Steema, tal como se utiliza en Schneider Electric Vijeo Historian v4.30 y anteriores, CitectHistorian v4.30 y anteriores, y CitectSCADAReports v4.10 y anteriores, permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •