A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric Ecostruxure Machine Expert
APPSchneider-Electricwszystkie wersjeSchneider Electric Modicon M100
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M100 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M200
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M200 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M221
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M221 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Somachine Basic
APPSchneider-Electricwszystkie wersje
Powiązane podatności
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Prod...
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker ...
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all referen...
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 produc...
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause ...