Page 58 of 763 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. Un CWE-787: Se presenta una vulnerabilidad de escritura fuera de límites en IGSS Definition (Def.exe) versiones V15.0.0.21140 y anteriores, que podría resultar en la pérdida de datos o una ejecución de código remota debido a una falta de comprobaciones de tamaño, cuando un archivo WSP (espacio de trabajo) malicioso está siendo analizado por IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. Un CWE-22: Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido en IGSS Definition (Def.exe) versiones V15.0.0.21140 y anteriores, que podría resultar en una ejecución de código remota, cuando un archivo CGF o WSP malicioso está siendo analizado por IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WSP and CGF files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition. Un CWE-787: Se presenta una vulnerabilidad de escritura fuera de límites en IGSS Definition (Def.exe) versiones V15.0.0.21041 y anteriores que podría resultar en la pérdida de datos o una ejecución de código remota debido a una falta de comprobaciones de longitud, cuando es importado un archivo CGF malicioso a IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. Un CWE-119: Se presenta una vulnerabilidad de Restricción Inapropiada de las Operaciones dentro de los Límites de un Búfer de Memoria en IGSS Definition (Def.exe) versiones V15.0.0.21140 y anteriores que podría resultar en una divulgación de información o a una ejecución de código remota e+F15 debido a una falta de comprobación de la longitud de los datos suministrados por el usuario, cuando es importado un archivo CGF malicioso a IGSS Definition This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.9EPSS: 0%CPEs: 5EXPL: 0

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746. Se presenta una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Triconex Model 3009 MP instalado en sistemas Tricon versión V11.3.x, que podría causar el reinicio del módulo cuando el TCM recibe paquetes TriStation malformados mientras el interruptor de llave de protección contra escritura está en la posición de programa. Este ID de CVE es diferente de CVE-2021-22742, CVE-2021-22744, CVE-2021-22745 y CVE-2021-22746 • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-130-03 • CWE-754: Improper Check for Unusual or Exceptional Conditions •