CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7783
https://notcve.org/view.php?id=CVE-2018-7783
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file. Schneider Electric SoMachine Basic en versiones anteriores a la v1.6 SP1 sufre una vulnerabilidad XXE (XML External Entity) mediante la técnica de entidades de parámetros DTD, resultando en la revelación y recuperación de datos arbitrarios en el nodo afectado mediante un ataque OOB (out-of-band). La vulnerabilidad se desencadena cuando la entrada pasada al analizador xml no se sanea cuando se analiza el archivo de proyecto/plantilla xml. • https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-7966
https://notcve.org/view.php?id=CVE-2017-7966
A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. Una vulnerabilidad de secuestro de DLL en el software de programación de SoMachine HVAC versión v2.1.0 de Schneider Electric, permite que un atacante remoto ejecute código arbitrario en el sistema apuntado. La vulnerabilidad existe debido a la carga inapropiada de una DLL. • http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02 http://www.securityfocus.com/bid/98446 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7965
https://notcve.org/view.php?id=CVE-2017-7965
A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. Existe una vulnerabilidad de desbordamiento de búfer en el ejecutable del Software de Programación AlTracePrint.exe, en SoMachine HVAC versión v2.1.0 de Schneider Electric para el controlador Modicon M171/M172. • http://www.schneider-electric.com/en/download/document/SEVD-2017-125-01 http://www.securityfocus.com/bid/98449 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7574
https://notcve.org/view.php?id=CVE-2017-7574
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-01 http://www.securityfocus.com/bid/97518 https://os-s.net/advisories/OSS-2017-02.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 21%CPEs: 3EXPL: 0CVE-2016-4529 – Schneider Electric SoMachine HVAC AxEditGrid ActiveX Control SetDataIntf Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4529
An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. Un control ActiveX no especificado en Schneider Electric SoMachine HVAC Programming Software para M171/M172 Controllers en versiones anteriores a 2.1.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, relacionados con el indicador INTERFACESAFE_FOR_UNTRUSTED_CALLER (también conocido como secuencias de comandos para guardar). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMachine HVAC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetDataIntf method of the AxEditGrid control. The control has an untrusted pointer dereference vulnerability because it blindly calls an attacker-supplied memory address. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-161-01 http://www.securityfocus.com/bid/91778 http://www.zerodayinitiative.com/advisories/ZDI-16-440 https://ics-cert.us-cert.gov/advisories/ICSA-16-196-03 •