CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7839 – Schneider Electric IIoT Monitor Hard-coded Cryptographic Key Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-7839
16 Jan 2019 — A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure. Existe una vulnerabilidad de problema criptográfico (CWE-310) en IIoT Monitor 3.1.38 que podría permitir la divulgación de información. This vulnerability allows the decryption of the administrator password on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within encryption of the administrat... • https://ics-cert.us-cert.gov/advisories/ICSA-19-008-02 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2018-7836 – Schneider Electric IIoT Monitor UpgradeMgmt upload Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7836
24 Dec 2018 — An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. Existe una vulnerabilidad de subida sin restricción de archivos con tipos peligrosos en numerosos métodos del software de IIoT Monitor 3.1.38 que podría permitir la subida y ejecución de archivos maliciosos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric... • http://www.securityfocus.com/bid/106484 • CWE-434: Unrestricted Upload of File with Dangerous Type •