CVE-2017-7966
https://notcve.org/view.php?id=CVE-2017-7966
A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. Una vulnerabilidad de secuestro de DLL en el software de programación de SoMachine HVAC versión v2.1.0 de Schneider Electric, permite que un atacante remoto ejecute código arbitrario en el sistema apuntado. La vulnerabilidad existe debido a la carga inapropiada de una DLL. • http://www.schneider-electric.com/en/download/document/SEVD-2017-125-02 http://www.securityfocus.com/bid/98446 • CWE-427: Uncontrolled Search Path Element •
CVE-2017-7574
https://notcve.org/view.php?id=CVE-2017-7574
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-01 http://www.securityfocus.com/bid/97518 https://os-s.net/advisories/OSS-2017-02.pdf • CWE-798: Use of Hard-coded Credentials •
CVE-2013-0662 – SEIG Modbus 3.4 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2013-0662
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. Múltiples desbordamientos de buffer basado en pila en ModbusDrv.exe en Schneider Electric Modbus Serial Driver 1.10 hasta 3.2 permiten a atacantes remotos ejecutar código arbitrario a través de un valor de tamaño de buffer grande en Modbus Application Header. SEIG Modbus version 3.4 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/45219 https://www.exploit-db.com/exploits/45220 http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01 http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01 http://www.securityfocus.com/bid/66500 • CWE-787: Out-of-bounds Write •