
CVSS: 4.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence.
• http://secunia.com/advisories/46779 http://secunia.com/advisories/46786 http://www.citect.com/citectscada-batch http://www.osvdb.org/76937 http://www.securitytracker.com/id?1026306 http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4%2CSCADA
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 • EPSS: 0% • CPEs: 8 • EXPL: 0

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
• http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.3 • EPSS: 39% • CPEs: 8 • EXPL: 0

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
• http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/71503
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 8 • EXPL: 0

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors.
• http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 http://www.scada.schneider-electric.com/sites/scada/en/login/historian-vulnerability.page http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer