All the vulnerabilites related to Schneider Electric - EcoStruxure Operator Terminal Expert
cve-2022-41669
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Operator Terminal Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
},
{
"product": "Pro-face BLUE",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-41669",
"datePublished": "2022-11-04T00:00:00",
"dateReserved": "2022-09-27T00:00:00",
"dateUpdated": "2024-08-03T12:49:43.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41667
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Operator Terminal Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
},
{
"product": "Pro-face BLUE",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-41667",
"datePublished": "2022-11-04T00:00:00",
"dateReserved": "2022-09-27T00:00:00",
"dateUpdated": "2024-08-03T12:49:43.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41668
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Operator Terminal Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
},
{
"product": "Pro-face BLUE",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704 Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-41668",
"datePublished": "2022-11-04T00:00:00",
"dateReserved": "2022-09-27T00:00:00",
"dateUpdated": "2024-08-03T12:49:43.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41666
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Operator Terminal Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
},
{
"product": "Pro-face BLUE",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-41666",
"datePublished": "2022-11-04T00:00:00",
"dateReserved": "2022-09-27T00:00:00",
"dateUpdated": "2024-08-03T12:49:43.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41671
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Operator Terminal Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
},
{
"product": "Pro-face BLUE",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-89: Improper Neutralization of Special Elements used in SQL Command (\u2018SQL Injection\u2019) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-41671",
"datePublished": "2022-11-04T00:00:00",
"dateReserved": "2022-09-27T00:00:00",
"dateUpdated": "2024-08-03T12:49:43.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41670
Vulnerability from cvelistv5
Published
2022-11-04 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EcoStruxure Operator Terminal Expert",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
},
{
"product": "Pro-face BLUE",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "Hotfix 1",
"status": "affected",
"version": "V3.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-41670",
"datePublished": "2022-11-04T00:00:00",
"dateReserved": "2022-09-27T00:00:00",
"dateUpdated": "2024-08-03T12:49:43.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}