Page 4 of 757 results (0.003 seconds)

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. CWE-367: Existe una vulnerabilidad de condición de ejecución de tiempo de verificación y tiempo de uso (TOCTOU) que podría provocar una escalada de privilegios cuando un atacante abusa de una cuenta de administrador limitada. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. CWE-552: Existe una vulnerabilidad de archivos o directorios accesibles a terceros que puede impedir que el usuario actualice el firmware del dispositivo e impedir el comportamiento adecuado del servidor web cuando se eliminan archivos o directorios específicos del sistema de archivos. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. CWE-502: Existe una vulnerabilidad de deserialización de datos no confiables que podría causar la ejecución remota de código cuando un usuario válido carga un archivo de proyecto malicioso en la aplicación. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Design - Ecodial. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BinSerializer class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-02.pdf • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. CWE-798: Existe una vulnerabilidad en el uso de credenciales codificadas que podría provocar una escalada de privilegios locales al iniciar sesión como usuario no administrativo. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. The issue results from the use of hard-coded credentials. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf • CWE-798: Use of Hard-coded Credentials •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. CWE-287: Existe una vulnerabilidad de autenticación incorrecta que podría provocar una manipulación no autorizada de la configuración del dispositivo a través de la comunicación NFC. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf • CWE-287: Improper Authentication •