Vulnerabilities > SE
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-19 | CVE-2020-7573 | Improper Access Control vulnerability in SE Webreports 1.9/3.1 A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control. | 6.4 |
2020-11-19 | CVE-2020-7572 | XXE vulnerability in SE Webreports 1.9/3.1 A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser. | 6.5 |
2020-11-19 | CVE-2020-7571 | Cross-Site Scripting vulnerability in SE Webreports 1.9/3.1 A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users. | 3.5 |
2020-11-19 | CVE-2020-7570 | Cross-Site Scripting vulnerability in SE Webreports 1.9/3.1 A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users. | 3.5 |
2020-11-19 | CVE-2020-7569 | Unrestricted Upload of File With Dangerous Type vulnerability in SE Webreports 1.9/3.1 A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution. | 6.5 |
2020-11-19 | CVE-2020-7559 | Classic Buffer Overflow vulnerability in SE Ecostruxure Control Expert A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | 5.0 |
2020-11-19 | CVE-2020-7544 | Improper Privilege Management vulnerability in SE Operator Terminal Expert Runtime 3.1 A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert. | 7.2 |
2020-11-19 | CVE-2020-7538 | Improper Check for Unusual OR Exceptional Conditions vulnerability in SE Ecostruxure Control Expert A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | 5.0 |
2020-11-19 | CVE-2020-28213 | Download of Code Without Integrity Check vulnerability in SE Ecostruxure Control Expert A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. | 6.5 |
2020-11-19 | CVE-2020-28212 | Improper Restriction of Excessive Authentication Attempts vulnerability in SE Ecostruxure Control Expert A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. | 7.5 |