
CVSS: 9.8 • EPSS: 1% • CPEs: 4 • EXPL: 1

In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed.
• http://www.securityfocus.com/bid/104870 https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01 https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128%28002%29.pdf https://www.tenable.com/security/research/tra-2018-19
• CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user.
• http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114 http://www.securityfocus.com/bid/97256 https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security without verifying the peer's SSL certificate properly.
• http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114 http://www.securityfocus.com/bid/97256 https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01
• CWE-326: Inadequate Encryption Strength

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified.
• http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114 http://www.securityfocus.com/bid/97256 https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack.
• http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-01 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-054-02 https://ics-cert.us-cert.gov/advisories/ICSA-15-085-01
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor