Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Schneider-electric Subscribe
Filtered by product Ecostruxure Operator Terminal Expert

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28221 1 Schneider-electric 42 Ecostruxure Operator Terminal Expert, Gp-4104g, Gp-4104w and 39 more 2021-02-12 9.3 HIGH 9.8 CRITICAL
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxureâ„¢ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.
CVE-2020-7497 1 Schneider-electric 1 Ecostruxure Operator Terminal Expert 2020-06-19 7.5 HIGH 9.8 CRITICAL
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts.
CVE-2020-7495 1 Schneider-electric 1 Ecostruxure Operator Terminal Expert 2020-06-19 4.3 MEDIUM 5.5 MEDIUM
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.
CVE-2020-7494 1 Schneider-electric 1 Ecostruxure Operator Terminal Expert 2020-06-19 6.8 MEDIUM 7.8 HIGH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.
CVE-2020-7493 1 Schneider-electric 1 Ecostruxure Operator Terminal Expert 2020-06-17 6.8 MEDIUM 7.8 HIGH
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.