Skip to main content

Ecostruxure Operator Terminal Expert

12 CVEs product

Monthly

CVE-2023-1049 HIGH This Week

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41671 HIGH PATCH This Week

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

SQLi Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41670 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41669 HIGH PATCH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41668 HIGH PATCH This Week

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41667 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41666 HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2020-7497 CRITICAL Act Now

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecostruxure Operator Terminal Expert
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-7496 HIGH This Week

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Operator Terminal Expert
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2020-7495 MEDIUM This Month

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecostruxure Operator Terminal Expert
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-7494 HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ecostruxure Operator Terminal Expert
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-7493 HIGH This Week

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Ecostruxure Operator Terminal Expert
NVD
CVSS 3.1
7.8
EPSS
1.1%
EPSS 1% CVSS 7.8
HIGH This Week

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Ecostruxure Operator Terminal Expert +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

SQLi Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecostruxure Operator Terminal Expert
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Operator Terminal Expert
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ecostruxure Operator Terminal Expert
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ecostruxure Operator Terminal Expert
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Ecostruxure Operator Terminal Expert
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy