Schneider-electric Ecostruxure Operator Terminal Expert — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Ecostruxure Operator Terminal Expert, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-28221 — CVSS 9.8 (critical): A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in…
CVE-2020-7497 — CVSS 9.8 (critical): A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator…
CVE-2020-7494 — CVSS 7.8 (high): A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator…
CVE-2023-1049 — CVSS 7.8 (high): A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when…
CVE-2020-7493 — CVSS 7.8 (high): A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator…
CVE-2022-41666 — CVSS 7.0 (high): A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load…
CVE-2022-41667 — CVSS 7.0 (high): A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with…
CVE-2022-41668 — CVSS 7.0 (high): A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from…
CVE-2022-41669 — CVSS 7.0 (high): A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with…
CVE-2022-41670 — CVSS 7.0 (high): A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component…
CVE-2022-41671 — CVSS 7.0 (high): A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows…
CVE-2020-7495 — CVSS 5.5 (medium): A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in…