admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submission from Schneider Electric from 2018-07-02.

Browse Source
This commit is contained in:
CVE Team 2018-07-03 09:05:32 -04:00
parent 6169a20821
commit bc6099c823
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
25 changed files with 1156 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
2018/7xxx/CVE-2018-7763.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7763",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within css.inc.php. The 'css' parameter contains a directory traversal vulnerability"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7764.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7764",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within runscript.php applet. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7765.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7765",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of track_import_export.php. The underlying SQLite database query is subject to SQL injection on the object_id input parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7766.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7766",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of track_getdata.php. The underlying SQLite database query is subject to SQL injection on the id input parameter"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7767.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7767",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of loadtemplate.php. The underlying SQLite database query is subject to SQL injection on the tpl input parameter"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7768.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7768",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of loadtemplate.php. The underlying SQLite database query is subject to SQL injection on the tpl input parameter"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7769.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7769",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of xmlserver.php. The underlying SQLite database query is subject to SQL injection on the id input parameter"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7770.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7770",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of sendmail.php. The applet allows callers to select arbitrary files to send to an arbitrary email address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7771.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7771",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of editscript.php. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7772.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7772",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of applets which are exposed on the web service. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7773.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7773",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of nfcserver.php. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7774.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7774",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within processing of localize.php. The underlying SQLite database query is subject to SQL injection on the username input parameter"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7775.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7775",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability exists within error.php. System information is returned to the attacker that contains sensitive data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Error Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7776.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7776",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The vulnerability is due to insufficient handling of update_file request parameter on update_module.php. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7777.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7777",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Malicious clients can upload and cause the smbd server to execute a shared library from a writable share"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Samba Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}

49
2018/7xxx/CVE-2018-7778.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-19T00:00:00",
"ID" : "CVE-2018-7778",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Evlink Charging Station",
"version" : {
"version_data" : [
{
"version_value" : "Web Interface, all versions prior to v3.2.0-12_v1"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "EVlink Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cookie Modification Privilege Escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-109-01/"
}
]
}

55
2018/7xxx/CVE-2018-7779.json
View File

@ -1,8 +1,38 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-19T00:00:00",
"ID" : "CVE-2018-7779",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Wiser for KNX",
"version" : {
"version_data" : [
{
"version_value" : "Wiser for KNX, V2.1.0 and prior"
},
{
"version_value" : "homeLYnk V2.0.1 and prior"
},
{
"version_value" : "spaceLYnk V2.1.0 and prior"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +41,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Weak and Unprotected FTP access could allow an attacker unauthorized access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Weak and unprotected FTP access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-109-02/"
}
]
}

49
2018/7xxx/CVE-2018-7780.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-24T00:00:00",
"ID" : "CVE-2018-7780",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pelco Sarix Professional V1",
"version" : {
"version_data" : [
{
"version_value" : "Pelco Sarix Pro 1 st generation with firmware versions prior to 3.29.69"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A buffer overflow vulnerability exist in cgi program \"set\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/"
}
]
}

49
2018/7xxx/CVE-2018-7781.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-24T00:00:00",
"ID" : "CVE-2018-7781",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pelco Sarix Professional V1",
"version" : {
"version_data" : [
{
"version_value" : "Pelco Sarix Pro 1 st generation with firmware versions prior to 3.29.69"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "By sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authenticated password disclosure and privilege escalation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/"
}
]
}

49
2018/7xxx/CVE-2018-7782.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-04-24T00:00:00",
"ID" : "CVE-2018-7782",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pelco Sarix Professional V1",
"version" : {
"version_data" : [
{
"version_value" : "Pelco Sarix Pro 1 st generation with firmware versions prior to 3.29.69"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Authenticated users can view passwords in clear text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authenticated password disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-114-01/"
}
]
}

49
2018/7xxx/CVE-2018-7783.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-05-22T00:00:00",
"ID" : "CVE-2018-7783",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SoMachine Basic",
"version" : {
"version_data" : [
{
"version_value" : "SoMachine Basic prior to v1.6 SP1"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "SoMachine Basic suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-Of-Band Remote Arbitrary Data Retrieval"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01/"
}
]
}

49
2018/7xxx/CVE-2018-7784.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-05-31T00:00:00",
"ID" : "CVE-2018-7784",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.motion Builder",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder, all versions prior to 1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "This exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Print Format Vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
}
]
}

49
2018/7xxx/CVE-2018-7785.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-05-31T00:00:00",
"ID" : "CVE-2018-7785",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.motion Builder",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder, all versions prior to 1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A remote command injection allows authentication bypass"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
}
]
}

49
2018/7xxx/CVE-2018-7786.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-05-31T00:00:00",
"ID" : "CVE-2018-7786",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.motion Builder",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder, all versions prior to 1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
}
]
}

49
2018/7xxx/CVE-2018-7787.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-05-31T00:00:00",
"ID" : "CVE-2018-7787",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.motion Builder",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder, all versions prior to 1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "This vulnerability is due to improper validation of input of context parameter in HTTP GET request"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-151-01/"
}
]
}