Ecostruxure Operator Terminal Expert Schneider Electric Ecostruxure Operator Terminal Expert

Do you want an email whenever new security vulnerabilities are reported in Schneider Electric Ecostruxure Operator Terminal Expert?

By the Year

In 2024 there have been 0 vulnerabilities in Schneider Electric Ecostruxure Operator Terminal Expert . Last year Ecostruxure Operator Terminal Expert had 1 security vulnerability published. Right now, Ecostruxure Operator Terminal Expert is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 7.80
2022 6 7.80
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Ecostruxure Operator Terminal Expert vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Schneider Electric Ecostruxure Operator Terminal Expert Security Vulnerabilities

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists

CVE-2023-1049 7.8 - High - June 14, 2023

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.

Code Injection

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (SQL Injection) vulnerability exists

CVE-2022-41671 7.8 - High - November 04, 2022

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (SQL Injection) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

SQL Injection

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component

CVE-2022-41670 7.8 - High - November 04, 2022

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Directory traversal

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component

CVE-2022-41669 7.8 - High - November 04, 2022

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Improper Verification of Cryptographic Signature

A CWE-704: Incorrect Project Conversion vulnerability exists

CVE-2022-41668 7.8 - High - November 04, 2022

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Incorrect Type Conversion or Cast

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists

CVE-2022-41667 7.8 - High - November 04, 2022

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Directory traversal

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists

CVE-2022-41666 7.8 - High - November 04, 2022

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Improper Verification of Cryptographic Signature

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Schneider Electric Pro Face Blue or by Schneider Electric? Click the Watch button to subscribe.

subscribe