Vulnerabilities > Schneider Electric > Ecostruxure Operator Terminal Expert > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-26	CVE-2020-28221	Unspecified vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI. network low complexity schneider-electric critical	9.8
2020-06-16	CVE-2020-7497	Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts. network low complexity schneider-electric CWE-22 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.