Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-28221 | 1 Schneider-electric | 42 Ecostruxure Operator Terminal Expert, Gp-4104g, Gp-4104w and 39 more | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI. | |||||
CVE-2019-6833 | 1 Schneider-electric | 49 Hmig2u, Hmig3u, Hmig3ufc and 46 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. |