A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
The product does not correctly convert an object, resource, or structure from one type to a different type.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ecostruxure_operator_terminal_expert | Schneider-electric | * | 3.3 (excluding) |
Ecostruxure_operator_terminal_expert | Schneider-electric | 3.3 (including) | 3.3 (including) |
Ecostruxure_operator_terminal_expert | Schneider-electric | 3.3-hf1 (including) | 3.3-hf1 (including) |
Pro-face_blue | Schneider-electric | * | 3.3 (excluding) |
Pro-face_blue | Schneider-electric | 3.3 (including) | 3.3 (including) |
Pro-face_blue | Schneider-electric | 3.3-hf1 (including) | 3.3-hf1 (including) |