Skip to main content

Pro Face Blue

7 CVEs product

Monthly

CVE-2023-1049 HIGH This Week

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41671 HIGH PATCH This Week

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

SQLi Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41670 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41669 HIGH PATCH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-41668 HIGH PATCH This Week

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41667 HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-41666 HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 1% CVSS 7.8
HIGH This Week

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Ecostruxure Operator Terminal Expert +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

SQLi Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Ecostruxure Operator Terminal Expert Pro Face Blue
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Ecostruxure Operator Terminal Expert +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy