Security Vulnerabilities - CVEs Published In July 2018
Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-07-03
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-07-03
The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.
CVSS Score
4.3
EPSS Score
0.004
Published
2018-07-03
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.
CVSS Score
8.8
EPSS Score
0.082
Published
2018-07-03
In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-07-03
In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-03
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set".
CVSS Score
9.8
EPSS Score
0.005
Published
2018-07-03
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-07-03
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-07-03
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-07-03