
CVE-2021-22787
https://notcve.org/view.php?id=CVE-2021-22787
11 Feb 2022 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Q... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-20: Improper Input Validation •

CVE-2021-22785
https://notcve.org/view.php?id=CVE-2021-22785
11 Feb 2022 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends an HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All V... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2021-22796
https://notcve.org/view.php?id=CVE-2021-22796
11 Feb 2022 — A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 • CWE-287: Improper Authentication •

CVE-2021-22817
https://notcve.org/view.php?id=CVE-2021-22817
09 Feb 2022 — A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06 • CWE-276: Incorrect Default Permissions •

CVE-2022-24321
https://notcve.org/view.php?id=CVE-2022-24321
09 Feb 2022 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2022-24320
https://notcve.org/view.php?id=CVE-2022-24320
09 Feb 2022 — A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05 • CWE-295: Improper Certificate Validation •

CVE-2022-24319
https://notcve.org/view.php?id=CVE-2022-24319
09 Feb 2022 — A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05 • CWE-295: Improper Certificate Validation •

CVE-2022-22812
https://notcve.org/view.php?id=CVE-2022-22812
09 Feb 2022 — A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-24318
https://notcve.org/view.php?id=CVE-2022-24318
09 Feb 2022 — A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05 • CWE-326: Inadequate Encryption Strength •

CVE-2022-22811
https://notcve.org/view.php?id=CVE-2022-22811
09 Feb 2022 — A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04 • CWE-352: Cross-Site Request Forgery (CSRF) •