Vulnerabilities (CVE)

Filtered by vendor Schneider-electric
Total 732 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26507 2 Att, Schneider-electric 9 Xmill, Ecostruxure Control Expert, Ecostruxure Process Expert and 6 more 2024-03-21 7.5 HIGH 9.8 CRITICAL
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-22768 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-03-21 7.5 HIGH 9.8 CRITICAL
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767
CVE-2021-22767 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-03-21 7.5 HIGH 9.8 CRITICAL
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-2276
CVE-2021-22766 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-03-21 5.0 MEDIUM 7.5 HIGH
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet
CVE-2021-22765 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-03-21 7.5 HIGH 9.8 CRITICAL
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet
CVE-2013-2763 1 Schneider-electric 24 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 21 more 2024-03-21 5.0 MEDIUM N/A
The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions."
CVE-2023-5391 1 Schneider-electric 3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports 2024-02-01 N/A 9.8 CRITICAL
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.
CVE-2023-7032 1 Schneider-electric 1 Easergy Studio 2024-01-16 N/A 7.8 HIGH
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object.
CVE-2023-5630 1 Schneider-electric 32 Eb450, Eb450 Firmware, Eb45e and 29 more 2023-12-27 N/A 4.9 MEDIUM
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.
CVE-2023-5629 1 Schneider-electric 32 Eb450, Eb450 Firmware, Eb45e and 29 more 2023-12-27 N/A 6.1 MEDIUM
A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.
CVE-2023-6407 2 Microsoft, Schneider-electric 6 Windows 10 1507, Windows 11 21h2, Windows Server 2016 and 3 more 2023-12-18 N/A 7.1 HIGH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.
CVE-2023-5984 1 Schneider-electric 4 Ion8650, Ion8650 Firmware, Ion8800 and 1 more 2023-12-14 N/A 4.9 MEDIUM
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device.
CVE-2023-6032 1 Schneider-electric 4 Galaxy Vl, Galaxy Vl Firmware, Galaxy Vs and 1 more 2023-12-10 N/A 5.3 MEDIUM
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.
CVE-2023-5985 1 Schneider-electric 4 Ion8650, Ion8650 Firmware, Ion8800 and 1 more 2023-12-10 N/A 4.8 MEDIUM
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values.
CVE-2023-5987 1 Schneider-electric 1 Ecostruxure Power Monitoring Expert 2023-12-10 N/A 6.1 MEDIUM
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
CVE-2023-5986 1 Schneider-electric 1 Ecostruxure Power Monitoring Expert 2023-12-10 N/A 6.1 MEDIUM
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.
CVE-2023-5402 1 Schneider-electric 1 C-bus Toolkit 2023-12-10 N/A 9.8 CRITICAL
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
CVE-2023-3953 1 Schneider-electric 1 Pro-face Gp-pro Ex 2023-12-10 N/A 5.3 MEDIUM
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.
CVE-2023-4516 1 Schneider-electric 1 Interactive Graphical Scada System 2023-12-10 N/A 7.8 HIGH
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content.
CVE-2023-5399 1 Schneider-electric 1 Spacelogic C-bus Toolkit 2023-12-10 N/A 9.8 CRITICAL
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command.