Schneider-Electric: Security Vulnerabilities
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.
CVSS Score
9.8
EPSS Score
0.012
Published
2018-12-24
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.
CVSS Score
8.8
EPSS Score
0.213
Published
2018-12-24
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.
CVSS Score
8.8
EPSS Score
0.009
Published
2018-12-24
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.
CVSS Score
8.8
EPSS Score
0.013
Published
2018-12-24
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-12-24
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.
CVSS Score
9.8
EPSS Score
0.023
Published
2018-12-24
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-12-24
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-17
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-17
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-12-17