Filtered by vendor Schneider-electric Subscriptions
Filtered by product Scadapack 474 Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-22797 1 Schneider-electric 8 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect and 5 more 2024-08-03 7.8 High
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)
CVE-2022-26507 2 Att, Schneider-electric 9 Xmill, Ecostruxure Control Expert, Ecostruxure Process Expert and 6 more 2024-08-03 9.8 Critical
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer