← Back

Pro Face Blue

pro-face_blue

Vendor: Schneider Electric • 8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-1049
1Schneider Electric
2Ecostruxure Operator Terminal Expert
Pro Face Blue
Nov 21, 2024
Jun 14, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...Show more
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI. Show less
CVE-2022-41671
1Schneider Electric
2Ecostruxure Operator Terminal Expert
Pro Face Blue
Nov 21, 2024
Nov 4, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of pr...Show more
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).Show less
CVE-2022-41670
1Schneider Electric
2Ecostruxure Operator Terminal Expert
Pro Face Blue
Nov 21, 2024
Nov 4, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which cou...Show more
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).Show less
CVE-2022-41669
1Schneider Electric
2Ecostruxure Operator Terminal Expert
Pro Face Blue
Nov 21, 2024
Nov 4, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of m...Show more
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).Show less
CVE-2022-41668
1Schneider Electric
2Ecostruxure Operator Terminal Expert
Pro Face Blue
Nov 21, 2024
Nov 4, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicio...Show more
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).Show less
CVE-2022-41667
1Schneider Electric
2Ecostruxure Operator Terminal Expert
Pro Face Blue
Nov 21, 2024
Nov 4, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of ma...Show more
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).Show less
CVE-2022-41666
1Schneider Electric
2Ecostruxure Operator Terminal Expert
Pro Face Blue
Nov 21, 2024
Nov 4, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Produc...Show more
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).Show less
CVE-2020-28221
1Schneider Electric
2Ecostruxure Operator Terminal Expert
Pro Face Blue
Nov 21, 2024
Jan 26, 2021
N/A· v4
9.8 CRITICAL· v3
9.3 HIGH· v2
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Downlo...Show more
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.Show less