CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-7489
https://notcve.org/view.php?id=CVE-2020-7489
22 Apr 2020 — A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller. A CWE-74: Hay una vulnerabilidad de Neutralización Inapropiada de Elementos Especiales en una Salida Utilizada por un Componente Descendente ('Inject... • https://www.se.com/ww/en/download/document/SEVD-2020-105-01 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7823
https://notcve.org/view.php?id=CVE-2018-7823
22 May 2019 — A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message. Existe una vulnerabilidad de entorno (CWE-2) en SoMachine Basic, todas las versiones y Modicon M221 (todas las referencias, todas las versiones anteriores al firmware V1.10.0.0), que podría generar el inicio remoto de SoMachine Basic cuando se envía un mensaje Ethernet ... • https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7822
https://notcve.org/view.php?id=CVE-2018-7822
22 May 2019 — An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic. Existe una vulnerabilidad de permisos predeterminados incorrectos (CWE-276) en SoMachine Basic, todas las versiones, y Modicon M221 (todas las referencias, todas las versiones anteriores al firmware V1.10.0.0), que p... • https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7821
https://notcve.org/view.php?id=CVE-2018-7821
22 May 2019 — An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. Existe una vulnerabilidad de entorno (CWE-2) en SoMachine Basic, todas las versiones, y Modicon M221 (todas las referencias, todas las versiones anteriores al firmware V1.10.0.0), que podría generar un impacto en el tiempo del ciclo al i... • https://www.schneider-electric.com/en/download/document/SEVD-2019-045-01 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7798
https://notcve.org/view.php?id=CVE-2018-7798
02 Nov 2018 — A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. Existe una vulnerabilidad de verificación insuficiente de autenticidad de datos (CWE-345) en Modicon Modicon M221, todas las versiones, lo que podría provocar un cambio en la configuración IPv4 (dirección IP, máscara y puerta de enlace) al conectarse remotamente al dispositivo. • http://www.securityfocus.com/bid/105970 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7783
https://notcve.org/view.php?id=CVE-2018-7783
03 Jul 2018 — Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file. Schneider Electric SoMachine Basic en versiones anteriores a la v1.6 SP1 sufre una vulnerabilidad XXE (XML External Entity) ... • https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01 • CWE-611: Improper Restriction of XML External Entity Reference •