Filtered by vendor Schneider-electric
Subscriptions
Filtered by product Scadapack 570
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-22797 | 1 Schneider-electric | 8 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect and 5 more | 2024-08-03 | 7.8 High |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions) | ||||
CVE-2022-26507 | 2 Att, Schneider-electric | 9 Xmill, Ecostruxure Control Expert, Ecostruxure Process Expert and 6 more | 2024-08-03 | 9.8 Critical |
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
Page 1 of 1.