cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11999,https://securityvulnerability.io/vulnerability/CVE-2024-11999,Third-Party Component Vulnerability in Schneider Electric HMI Products,"CVE-2024-11999 is a critical vulnerability categorized as CWE-1104, related to the use of unmaintained third-party components in Schneider Electric's HMI products. This issue allows authenticated users to execute malicious code, potentially granting them complete control over the device. If successfully exploited, attackers could manipulate device functions, leading to unauthorized access and severe operational risks. Organizations using affected versions must take preventive action to secure their HMI systems against this risk. Comprehensive patching and adopting stringent security measures are essential to mitigate potential outcomes.",Schneider Electric,"Harmony (formerly Magelis) Hmist6, Hmistm6, Hmig3u, Hmig3x, Hmisto7 Series With Ecostruxure Operator Terminal Expert Runtime,Pfxst6000, Pfxstm6000, Pfxsp5000, Pfxgp4100 Series With Pro-face Blue Runtime",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T06:13:00.636Z,0
CVE-2023-1049,https://securityvulnerability.io/vulnerability/CVE-2023-1049,Code Injection Flaw in Schneider Electric HMI Software,"A code injection vulnerability exists within Schneider Electric's HMI software that can allow an adversary to execute unauthorized commands. This vulnerability is triggered when an unsuspecting user loads a project file from their local filesystem, potentially opening the door to malicious code execution. Proper precautions and security measures should be implemented to mitigate the risks associated with this vulnerability.",Schneider Electric,"EcoStruxure™ Operator Terminal Expert,Pro-face BLUE",7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-06-14T08:15:00.000Z,0
CVE-2022-41667,https://securityvulnerability.io/vulnerability/CVE-2022-41667,Path Traversal Vulnerability in EcoStruxure Operator Terminal Expert and Pro-face BLUE by Schneider Electric,"A vulnerability exists that allows adversaries with local user privileges to exploit improper pathname limitations, enabling the loading of malicious DLL files. This can lead to unauthorized execution of harmful code within affected versions of EcoStruxure Operator Terminal Expert and Pro-face BLUE, compromising the integrity and security of the systems involved. Users should ensure their software is updated to mitigate this risk.",Schneider Electric,"Ecostruxure Operator Terminal Expert,Pro-face Blue",7,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2022-11-04T00:00:00.000Z,0
CVE-2022-41666,https://securityvulnerability.io/vulnerability/CVE-2022-41666,Improper Verification of Cryptographic Signature in EcoStruxure Operator Terminal Expert and Pro-face BLUE,"A vulnerability exists in Schneider Electric's EcoStruxure Operator Terminal Expert and Pro-face BLUE products due to improper verification of cryptographic signatures. This flaw permits attackers with local user privileges to load a malicious dynamic-link library (DLL), which can lead to unauthorized execution of malicious code. This poses a significant security risk, making it crucial for users to apply the relevant patches and updates to secure their systems.",Schneider Electric,"Ecostruxure Operator Terminal Expert,Pro-face Blue",7,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-11-04T00:00:00.000Z,0
CVE-2022-41668,https://securityvulnerability.io/vulnerability/CVE-2022-41668,Project Conversion Vulnerability in EcoStruxure Operator Terminal Expert and Pro-face BLUE,"An incorrect project conversion vulnerability exists in EcoStruxure Operator Terminal Expert and Pro-face BLUE, enabling adversaries with local user privileges to exploit this flaw. By loading a project file from a network share controlled by an attacker, an adversary could execute malicious code, significantly compromising system integrity and security.",Schneider Electric,"Ecostruxure Operator Terminal Expert,Pro-face Blue",7,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2022-11-04T00:00:00.000Z,0
CVE-2022-41669,https://securityvulnerability.io/vulnerability/CVE-2022-41669,Improper Verification of Cryptographic Signature in EcoStruxure and Pro-face BLUE,"A vulnerability exists in the SGIUtility component found in EcoStruxure Operator Terminal Expert and Pro-face BLUE. This vulnerability enables attackers with local user privileges to potentially load a malicious Dynamic Link Library (DLL). The exploitation of this flaw could allow adversaries to execute arbitrary code, leading to system compromise and unauthorized actions. Users of affected versions must apply updates to mitigate the risk associated with this security issue.",Schneider Electric,"Ecostruxure Operator Terminal Expert,Pro-face Blue",7,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2022-11-04T00:00:00.000Z,0
CVE-2022-41670,https://securityvulnerability.io/vulnerability/CVE-2022-41670,Path Traversal Vulnerability in EcoStruxure Operator Terminal Expert and Pro-face BLUE by Schneider Electric,"A path traversal vulnerability exists in the SGIUtility component of selected Schneider Electric products, allowing adversaries with local user privileges to manipulate file paths. By exploiting this flaw, attackers can load and execute malicious DLL files, compromising system integrity. This issue primarily affects EcoStruxure Operator Terminal Expert and Pro-face BLUE versions prior to V3.3 Hotfix 1, necessitating immediate attention and remediation for affected users.",Schneider Electric,"Ecostruxure Operator Terminal Expert,Pro-face Blue",7,HIGH,0.0009299999801442027,false,,false,false,false,,,false,false,,2022-11-04T00:00:00.000Z,0
CVE-2022-41671,https://securityvulnerability.io/vulnerability/CVE-2022-41671,SQL Injection Vulnerability in EcoStruxure Operator Terminal Expert and Pro-face BLUE,"A vulnerability exists in EcoStruxure Operator Terminal Expert and Pro-face BLUE due to improper neutralization of special elements used in SQL commands, enabling local adversaries to execute crafted SQL queries during project migration. This could lead to the execution of malicious code, compromising the integrity and security of the affected systems. Users are advised to update to the latest versions to mitigate the risks associated with this vulnerability.",Schneider Electric,"Ecostruxure Operator Terminal Expert,Pro-face Blue",7,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2022-11-04T00:00:00.000Z,0
CVE-2020-28221,https://securityvulnerability.io/vulnerability/CVE-2020-28221,Improper Input Validation in EcoStruxure™ Operator Terminal Expert by Schneider Electric,An improper input validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE. This flaw could allow an attacker to execute arbitrary code on the HMI when the Ethernet Download feature is enabled. Users are advised to disable this feature and implement security measures to protect their systems.,Schneider Electric,"Ecostruxure™ Operator Terminal Expert 3.1 Service Pack 1a And Prior Running On Harmony Hmis Hmist6 Series, Hmig3u In Hmigtu Series, Hmisto Series And Pro-face Blue 3.1 Service Pack 1a And Prior Running On Pro-face Hmis: St6000 Series, Sp-5b41 In Sp5000 Series, Gp4100 Series",9.8,CRITICAL,0.0040799998678267,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2020-7497,https://securityvulnerability.io/vulnerability/CVE-2020-7497,Path Traversal Vulnerability in EcoStruxure Operator Terminal Expert by Schneider Electric,"A path traversal vulnerability exists in EcoStruxure Operator Terminal Expert, which may allow attackers to execute arbitrary applications upon system startup. This flaw can potentially be exploited to manipulate file paths, leading to unauthorized access and execution of malicious code. Users are advised to apply necessary updates and patches to mitigate this issue.",Schneider Electric,Ecostruxure Operator Terminal Expert 3.1 Service Pack 1 And Prior (formerly Known As Vijeo Xd),9.8,CRITICAL,0.003100000089034438,false,,false,false,false,,,false,false,,2020-06-16T19:13:57.000Z,0
CVE-2020-7495,https://securityvulnerability.io/vulnerability/CVE-2020-7495,Path Traversal Vulnerability in EcoStruxure Operator Terminal Expert by Schneider Electric,"A path traversal vulnerability exists in EcoStruxure Operator Terminal Expert, previously known as Vijeo XD, that allows an attacker to manipulate zip file extraction processes. This vulnerability could permit unauthorized write access outside designated project folders, potentially compromising sensitive data and the integrity of the application. Users are recommended to apply available patches to mitigate these risks.",Schneider Electric,Ecostruxure Operator Terminal Expert 3.1 Service Pack 1 And Prior (formerly Known As Vijeo Xd),5.5,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2020-06-16T19:11:55.000Z,0
CVE-2020-7494,https://securityvulnerability.io/vulnerability/CVE-2020-7494,Path Traversal Vulnerability in EcoStruxure Operator Terminal Expert by Schneider Electric,"A vulnerability exists within EcoStruxure Operator Terminal Expert that allows for improper restriction of file paths. This weakness could enable an attacker to craft a malicious project file that, when opened, executes arbitrary code, potentially compromising system integrity and allowing unauthorized access to sensitive areas of the filesystem.",Schneider Electric,Ecostruxure Operator Terminal Expert 3.1 Service Pack 1 And Prior (formerly Known As Vijeo Xd),7.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2020-06-16T19:11:04.000Z,0
CVE-2020-7493,https://securityvulnerability.io/vulnerability/CVE-2020-7493,SQL Injection Vulnerability in EcoStruxure Operator Terminal Expert by Schneider Electric,"A vulnerability exists in EcoStruxure Operator Terminal Expert that allows for improper handling of special elements within SQL commands. This could lead to execution of malicious code when a project file is opened, potentially exposing sensitive information and compromising system integrity. Affected users are advised to update to the latest version to mitigate the risk associated with these vulnerabilities.",Schneider Electric,Ecostruxure Operator Terminal Expert 3.1 Service Pack 1 And Prior (formerly Known As Vijeo Xd),7.8,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2020-06-16T19:10:35.000Z,0