cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8306,https://securityvulnerability.io/vulnerability/CVE-2024-8306,Unauthorized Access to Workstation via Tampering with Binaries,"An improper privilege management vulnerability has been identified in Schneider Electric's workstation software. This flaw allows non-admin authenticated users to escalate privileges by tampering with binaries. If exploited, this vulnerability may result in unauthorized access, potentially compromising the confidentiality, integrity, and availability of the workstation. Businesses using affected versions of Schneider Electric’s software should be aware of these risks and take recommended security measures to mitigate potential threats.",Schneider Electric,"Vijeo Designer,Vijeo Designer Embedded In Ecostruxure™ Machine Expert",7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-11T15:05:31.560Z,0
CVE-2021-22817,https://securityvulnerability.io/vulnerability/CVE-2021-22817,Incorrect Default Permissions in Harmony and Vijeo Designer by Schneider Electric,"A vulnerability exists in Schneider Electric's Harmony and Vijeo Designer products due to incorrect default permissions. This misconfiguration can lead to unauthorized access to the base installation directory, potentially allowing an attacker to perform local privilege escalation. Affected products include all versions of Harmony/Magelis iPC Series and earlier versions of Vijeo Designer and Vijeo Designer Basic. Users are advised to review their system configurations and apply necessary updates to mitigate the risk.",Schneider Electric,"Harmony/magelis Ipc Series (all Versions), Vijeo Designer (all Versions Prior To V6.2 Sp11 Multiple Hotfix 4), Vijeo Designer Basic (all Versions Prior To V1.2.1)",7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-02-09T22:05:12.000Z,0
CVE-2021-22704,https://securityvulnerability.io/vulnerability/CVE-2021-22704,Improper Limitation of Pathname Vulnerability in Harmony HMI and Vijeo Designer by Schneider Electric,"A vulnerability exists in Harmony/HMI Products configured by Vijeo Designer and EcoStruxure Machine Expert, allowing improper restriction of access to certain directories. This flaw can enable attackers to exploit the system over FTP, potentially leading to unauthorized access to sensitive system information or a Denial of Service. Users are encouraged to upgrade to the latest versions of the affected software to mitigate these risks.",Schneider Electric,"Harmony/hmi Products Configured By Vijeo Designer (all Versions Prior To V6.2 Sp11 ), Vijeo Designer Basic (all Versions Prior To V1.2), Or Ecostruxure Machine Expert (all Versions Prior To V2.0)",9.1,CRITICAL,0.0027600000612437725,false,,false,false,false,,,false,false,,2021-09-02T16:53:31.000Z,0
CVE-2021-22705,https://securityvulnerability.io/vulnerability/CVE-2021-22705,Improper Memory Buffer Management in Schneider Electric's Vijeo Designer and EcoStruxure Machine Expert,"This vulnerability arises from improper management of memory buffers in Schneider Electric's Vijeo Designer and EcoStruxure Machine Expert software. An attacker could exploit this flaw to disrupt normal operations, potentially leading to unintended denial of service or unauthorized access to sensitive system information. Users interacting directly with the driver associated with these products may be the most affected, emphasizing the importance of regular software updates and security best practices to mitigate risks.",Schneider Electric,Harmony Hmi Products Configured By Vijeo Designer (all Versions Prior To V6.2 Sp11 ) Or Ecostruxure Machine Expert (all Versions Prior To V2.0),7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-05-26T19:19:18.000Z,0
CVE-2020-7501,https://securityvulnerability.io/vulnerability/CVE-2020-7501,Hard-coded Credentials Vulnerability in Vijeo Designer by Schneider Electric,"A vulnerability exists in Schneider Electric's Vijeo Designer Basic and Vijeo Designer products that allows malicious actors to exploit hard-coded credentials. This security flaw enables unauthorized read and write access during the upload and download of project files or firmware, posing a significant risk to the integrity and confidentiality of systems using this software.",Schneider Electric,Vijeo Designer Basic (v1.1 Hotfix 16 And Prior) And Vijeo Designer (v6.2 Sp9 And Prior),8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2020-06-16T19:40:23.000Z,0
CVE-2020-7490,https://securityvulnerability.io/vulnerability/CVE-2020-7490,Untrusted Search Path Vulnerability in Vijeo Designer by Schneider Electric,"A vulnerability exists in Vijeo Designer and Vijeo Designer Basic due to an untrusted search path, allowing the loading of malicious DLL libraries. Exploiting this flaw enables attackers to execute arbitrary code on the affected system, posing significant security risks to users operating the software versions specified.",Schneider Electric,Vijeo Designer Basic (v1.1 Hotfix 15 And Prior) And Vijeo Designer (v6.9 Sp9 And Prior),7.8,HIGH,0.0007200000109151006,false,,false,false,false,,,false,false,,2020-04-22T18:48:47.000Z,0