CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1014
https://notcve.org/view.php?id=CVE-2015-1014
A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. Una explotación exitosa de estas vulnerabilidades requiere que el usuario local suba un archivo DLL manipulado en el directorio de sistemas en los servidores que ejecutan Schneider Electric OFS v3.5 con la versión v7.40 de SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 con la versión v7.30 de Vijeo Citect/CitectSCADA y OFS v3.5 con la versiónv7.20 de Vijeo Citect/CitectSCADA. Si la aplicación intenta abrir ese archivo, podría cerrarse inesperadamente o permitir al atacante ejecutar código arbitrario. • https://ics-cert.us-cert.gov/advisories/ICSA-15-141-01 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2013-2824
https://notcve.org/view.php?id=CVE-2013-2824
Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet. Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 hasta 7.30SP1, CitectSCADA 7.20 hasta 7.30SP1, StruxureWare PowerSCADA Expert 7.30 hasta 7.30SR1 y PowerLogic SCADA 7.20 hasta 7.20SR1 no manejan debidamente las excepciones, lo que permite a atacantes remotos causar una denegación de servicio a través de un paquete manipulado. • http://ics-cert.us-cert.gov/advisories/ICSA-13-350-01 http://www.citect.schneider-electric.com/security-DoS •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2796
https://notcve.org/view.php?id=CVE-2013-2796
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Schneider Electric Vijeo Citect v7.20 y anteriores, CitectSCADA v7.20 y anteriores, y PowerLogic SCADA v7.20 y anteriores, permite a atacantes remotos leer ficheros, enviar peticiones HTTP a servidores intranet, o causar una denegación del servicio (consumo de CPU y memoria) a través de fichero XML que contiene una declaración de entidad externa, junto con una referencia de entidad, en relación con un fallo en XML External Entity (XXE). • http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02 http://www.citect.schneider-electric.com/cs-HF720SP459363 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 94%CPEs: 3EXPL: 2CVE-2013-3075 – Mitsubishi MX ActiveX Component 3 - 'ActUWzd.dll' 'WzTitle' Remote Heap Spray
https://notcve.org/view.php?id=CVE-2013-3075
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. Múltiples desbordamientos de búfer en ActUWzd.dll v1.0.0.1 en Mitsubishi MX componente 3, que distribuye en CitectFacilities Citect v7.10 y CitectSCADA v7.10r1, permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga, como lo demuestra con un valor largo de la propiedad WzTitle a un determinado ActiveX control. • https://www.exploit-db.com/exploits/24886 http://www.exploit-db.com/exploits/24886 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2011-5163
https://notcve.org/view.php?id=CVE-2011-5163
Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. Desbordamiento de búfer en un componente de terceros no especificado en el módulo de ejecución por lote para Schneider Electric CitectSCADA anterior a v7.20 y Mitsubishi MX4 SCADA anterior a v7.20 permite a usuarios locales ejecutar código arbitrario a través de una cadena larga en una secuencia de acceso. • http://secunia.com/advisories/46779 http://secunia.com/advisories/46786 http://www.citect.com/citectscada-batch http://www.osvdb.org/76937 http://www.securitytracker.com/id?1026306 http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf https://my.mitsubishi-automation.com/downloads_show.php?portal_id=1&doc_type=safety&scat=2&sstr=MX4%2CSCADA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •