A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ecostruxure_operator_terminal_expert | Schneider-electric | * | 3.3 (excluding) |
Ecostruxure_operator_terminal_expert | Schneider-electric | 3.3 (including) | 3.3 (including) |
Ecostruxure_operator_terminal_expert | Schneider-electric | 3.3-hotfix1 (including) | 3.3-hotfix1 (including) |
Pro-face_blue | Schneider-electric | * | 3.3 (excluding) |
Pro-face_blue | Schneider-electric | 3.3 (including) | 3.3 (including) |
Pro-face_blue | Schneider-electric | 3.3-hotfix1 (including) | 3.3-hotfix1 (including) |