Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Scadapack_7x_remote_connect
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-16 | CVE-2020-7528 | A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | Scadapack_7x_remote_connect | 7.8 | ||
| 2020-09-16 | CVE-2020-7529 | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | Scadapack_7x_remote_connect | 5.5 | ||
| 2020-09-16 | CVE-2020-7530 | A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. | Scadapack_7x_remote_connect | 8.8 | ||
| 2020-09-16 | CVE-2020-7531 | A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. | Scadapack_7x_remote_connect | 7.8 |