Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ecostruxure_operator_terminal_expert
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-04 | CVE-2022-41671 | A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | Ecostruxure_operator_terminal_expert, Pro\-Face_blue | 7.8 | ||
| 2023-06-14 | CVE-2023-1049 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI. | Ecostruxure_operator_terminal_expert, Pro\-Face_blue | 7.8 |