CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7817 – Schneider Electric ZelioSoft2 ZM2 File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7817
09 Jan 2019 — A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file. Existe una vulnerabilidad de uso de memoria previamente liberada (CWE-416) en Zelio Soft 2, en versiones v5.1 y anteriores, que podría provocar la ejecución remota de código al abrir un archivo de proyecto Zelio Soft especialmente manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable ... • http://www.securityfocus.com/bid/106481 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7802
https://notcve.org/view.php?id=CVE-2018-7802
24 Dec 2018 — A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. Existe una vulnerabilidad de inyección SQL en EVLink Parking, en versiones v3.2.0-12_v1 y anteriores, lo que podría otorgar acceso a la interfaz web con privilegios totales. • http://www.securityfocus.com/bid/106807 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7837 – Schneider Electric IIoT Monitor RuleMgmt addRule XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-7837
24 Dec 2018 — An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. Existe una vulnerabilidad de restricción incorrecta de XEE (XML External Entity) en numerosos métodos del software de IIoT Monitor 3.1.38 que podría permitir que el software r... • http://www.securityfocus.com/bid/106484 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2018-7800
https://notcve.org/view.php?id=CVE-2018-7800
24 Dec 2018 — A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. Existe una vulnerabilidad de credenciales embebidas en EVLink Parking, en versiones v3.2.0-12_v1 y anteriores, lo que podría permitir que un atacante obtenga acceso al dispositivo. • http://www.securityfocus.com/bid/106807 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7835 – Schneider Electric IIoT Monitor downloadCSV Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-7835
24 Dec 2018 — An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. Existe una vulnerabilidad de limitación incorrecta de un nombre de ruta en un directorio restringido ("salto de directorio") en IIoT Monitor 3.1.38, lo que podría permitir el acceso a archivos disponibles para el usuario SYSTEM. This vulnerability allows remote attackers to disclose sensitive information on vulnerable instal... • http://www.securityfocus.com/bid/106484 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7796
https://notcve.org/view.php?id=CVE-2018-7796
24 Dec 2018 — A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. Existe una vulnerabilidad de error en el búfer en PowerSuite 2, en todas las versiones publicadas (parches VW3A8104) que podría provocar un desbordamiento en la función memcpy, lo que conduce a la corrupción de los datos y a la inestabilidad del programa. • https://www.schneider-electric.com/en/download/document/SEVD-2018-351-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-7832
https://notcve.org/view.php?id=CVE-2018-7832
24 Dec 2018 — An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. Existe una vulnerabilidad de validación de entradas en Pro-Face GP-Pro EX, en versiones v4.08 y anteriores, lo que podría provocar la ejecución de archivos ejecutables arbitrarios cuando se inicia GP-Pro EX. • http://www.securityfocus.com/bid/106441 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2018-7836 – Schneider Electric IIoT Monitor UpgradeMgmt upload Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7836
24 Dec 2018 — An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. Existe una vulnerabilidad de subida sin restricción de archivos con tipos peligrosos en numerosos métodos del software de IIoT Monitor 3.1.38 que podría permitir la subida y ejecución de archivos maliciosos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric... • http://www.securityfocus.com/bid/106484 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 21%CPEs: 2EXPL: 1CVE-2018-7801
https://notcve.org/view.php?id=CVE-2018-7801
24 Dec 2018 — A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. Existe una vulnerabilidad de inyección de código en EVLink Parking, en versiones v3.2.0-12_v1 y anteriores, lo que podría permitir el acceso con máximos privilegios cuando se ejecuta código de forma remota. • http://seclists.org/fulldisclosure/2021/Jul/32 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7793
https://notcve.org/view.php?id=CVE-2018-7793
24 Dec 2018 — A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission. Existe una vulnerabilidad de gestión de credenciales en FoxView HMI SCADA (todas las versiones de Foxboro DCS, Foxboro Evo e IA Series anteriores a Foxboro DCS Control Core Services 9.... • https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03 •