cbcvebase.

Schneider Electric Se Iiot Monitor 3.1.38 vulnerabilities

4 known vulnerabilities affecting schneider_electric_se/iiot_monitor_3.1.38.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2018-7836P2CRITICALCVSS 9.8vIIoT Monitor 3.1.382018-12-24
CVE-2018-7836 [CRITICAL] CWE-434 CVE-2018-7836: An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the I An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.
nvd
CVE-2018-7835P3HIGHCVSS 7.5vIIoT Monitor 3.1.382018-12-24
CVE-2018-7835 [HIGH] CWE-22 CVE-2018-7835: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exis An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
nvd
CVE-2018-7837P3HIGHCVSS 7.5vIIoT Monitor 3.1.382018-12-24
CVE-2018-7837 [HIGH] CWE-611 CVE-2018-7837: An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous me An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
nvd
CVE-2018-7839P4MEDIUMCVSS 5.5vIIoT Monitor 3.1.382019-02-06
CVE-2018-7839 [MEDIUM] CWE-310 CVE-2018-7839: A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow inform A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.
nvd
Schneider Electric Se Iiot Monitor 3.1.38 vulnerabilities | cvebase