Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Somachine
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-04-06 | CVE-2017-7574 | Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in... | Modicon_tm221ce16r_firmware, Somachine | 9.8 | ||
| 2014-04-01 | CVE-2013-0662 | Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. | Concept, Modbus_serial_driver, Modbuscommdtm_sl, Opc_factory_server, Pl7, Powersuite, Sft2841, Somachine, Somove, Twidosuite, Unity_pro, Unityloader, Somachine | N/A | ||
| 2020-04-22 | CVE-2020-7487 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. | Ecostruxure_machine_expert, Modicon_m218_firmware, Modicon_m241_firmware, Modicon_m251_firmware, Modicon_m258_firmware, Somachine, Somachine_motion | 9.8 | ||
| 2020-04-22 | CVE-2020-7488 | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. | Ecostruxure_machine_expert, Modicon_m218_firmware, Modicon_m241_firmware, Modicon_m251_firmware, Modicon_m258_firmware, Somachine, Somachine_motion | 7.5 | ||
| 2020-12-11 | CVE-2020-28220 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. | Modicon_m258_firmware, Somachine, Somachine_motion | 6.8 | ||
| 2017-06-07 | CVE-2017-7966 | A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. | Somachine | 8.8 | ||
| 2015-02-01 | CVE-2014-9200 | Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. | Somachine, Somove, Somove_lite, Unity_pro | N/A |