Page 28 of 808 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

28 Jan 2022 — A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) Una CWE-1021: Se presenta una vulnerabil... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

28 Jan 2022 — A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) Una CWE-307: Se presenta una vulnerabilidad de Restricción Inap... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

28 Jan 2022 — A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) Se presenta una vulne... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

28 Jan 2022 — A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) Se presenta una vulne... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 0

08 Nov 2021 — A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Path Traversal") que podría permitir una ejecución de código remota cuando es guardado un archivo. Producto afectado: C-Bus Toolkit ... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

19 Oct 2021 — A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) Una CWE-269: Se presenta una vulnerabilidad de Administración de Privilegios Inapropiada que podría causar una ejecución de un comando arbitrario cuando el software está configurado con acciones de eventos especialmente diseñados. Producto afectado: Software Conne... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-02 • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

14 Oct 2021 — A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido que podría causar la divulgación... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 0

14 Oct 2021 — A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Una CWE-120: Se presenta una vulnerabilidad de Copia del búfer sin Comprobar el Tamaño de la Entrada que podría resultar en una ejecución de código remota debido a una falta de comproba... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0

14 Oct 2021 — A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Una CWE-434: Se presenta una vulnerabilidad de Carga no Restringida de Archivos con Tipo Peligroso que podría conllevar a una ejecuc... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

14 Oct 2021 — A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Una CWE-306: Se presenta una vulnerabilidad de Falta de Autenticación para una Función Crítica que podría causar el borrado de archivos arbitrarios en el contexto del usuario que ejecuta IGSS, debido ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-03 • CWE-306: Missing Authentication for Critical Function •