U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:schneider-electric:pro-face_blue:3.3:-:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2023-1049

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.

Published: June 14, 2023; 4:15:08 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Published: November 04, 2022; 11:15:10 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Published: November 04, 2022; 10:15:10 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Published: November 04, 2022; 9:15:11 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-41668

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Published: November 04, 2022; 8:15:20 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-41667

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Published: November 04, 2022; 8:15:19 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Published: November 04, 2022; 1:15:09 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)