NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2024-2230 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 該当なし | 0.04% | 2024-06-12 | 2024-06-12 |
| CVE-2024-5679 | CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | 7.1 | 0.06% | 2024-07-11 | 2026-06-17 |
| CVE-2026-1227 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation. | 7.0 | 0.06% | 2026-02-11 | 2026-06-17 |
| CVE-2024-5680 | CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | 7.1 | 0.07% | 2024-07-11 | 2026-06-17 |
| CVE-2022-32748 | A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) | 7.9 | 0.07% | 2023-01-30 | 2026-06-17 |
| CVE-2024-10083 | CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input. | 6.8 | 0.07% | 2025-02-13 | 2026-06-17 |
| CVE-2024-5558 | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. | 6.4 | 0.07% | 2024-06-12 | 2026-06-17 |
| CVE-2025-3899 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. | 5.1 | 0.07% | 2025-06-10 | 2026-06-17 |
| CVE-2026-2401 | CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker. | 2.4 | 0.10% | 2026-04-14 | 2026-06-17 |
| CVE-2025-13905 | CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart. | 7.0 | 0.10% | 2026-01-29 | 2026-06-17 |
| CVE-2026-9651 | CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files. | 6.7 | 0.11% | 2026-06-25 | 2026-07-14 |
| CVE-2025-11567 | CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured. | 7.3 | 0.11% | 2025-11-12 | 2026-06-17 |
| CVE-2021-22782 | Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. | 5.5 | 0.11% | 2021-07-14 | 2026-06-16 |
| CVE-2022-41669 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | 7.0 | 0.11% | 2022-11-04 | 2026-06-17 |
| CVE-2024-8070 | CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary | 8.5 | 0.11% | 2024-10-13 | 2026-06-17 |
| CVE-2025-11565 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload. | 7.3 | 0.12% | 2025-11-12 | 2026-06-17 |
| CVE-2026-6332 | CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it. | 6.8 | 0.12% | 2026-05-14 | 2026-06-17 |
| CVE-2026-1226 | CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file. | 7.0 | 0.13% | 2026-02-11 | 2026-06-17 |
| CVE-2022-41666 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | 7.0 | 0.13% | 2022-11-04 | 2026-06-17 |
| CVE-2025-13844 | CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody. | 8.4 | 0.14% | 2026-01-15 | 2026-06-17 |