Search Results (Refine Search)

Search Parameters:
There are 145,141 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2020-7571

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.

Published: November 19, 2020; 5:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7570

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.

Published: November 19, 2020; 5:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7569

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.

Published: November 19, 2020; 5:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7568

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

Published: November 19, 2020; 5:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7567

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.

Published: November 19, 2020; 5:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7566

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

Published: November 19, 2020; 5:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7565

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

Published: November 19, 2020; 5:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7561

A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.

Published: November 19, 2020; 5:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7559

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

Published: November 19, 2020; 5:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7558

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7557

A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7556

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7555

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7554

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7553

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7552

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7551

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7550

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Published: November 19, 2020; 5:15:14 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-7544

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert.

Published: November 19, 2020; 5:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-7538

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

Published: November 19, 2020; 5:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)