Filtered by vendor Schneider-electric
Total: 732 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7798 | 1 Schneider-electric | 2 Modicon M221, Somachine Basic | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
An Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. | |||||
CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | |||||
CVE-2018-7792 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using a rainbow table. | |||||
CVE-2018-7836 | 1 Schneider-electric | 1 Iiot Monitor | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. | |||||
CVE-2018-7814 | 1 Schneider-electric | 1 Guicon | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file | |||||
CVE-2018-7813 | 1 Schneider-electric | 1 Guicon | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file | |||||
CVE-2018-7809 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2023-12-10 | 6.4 MEDIUM | 9.8 CRITICAL |
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. | |||||
CVE-2018-7835 | 1 Schneider-electric | 1 Iiot Monior | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. | |||||
CVE-2018-7796 | 1 Schneider-electric | 1 Powersuite 2 | 2023-12-10 | 6.8 MEDIUM | 6.3 MEDIUM |
A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. | |||||
CVE-2018-7831 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2023-12-10 | 4.3 MEDIUM | 8.8 HIGH |
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. | |||||
CVE-2018-7804 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing. | |||||
CVE-2018-7833 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable. | |||||
CVE-2018-7832 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched. | |||||
CVE-2018-7807 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained within the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | |||||
CVE-2018-7795 | 1 Schneider-electric | 2 Powerlogic Pm5560, Powerlogic Pm5560 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code. | |||||
CVE-2018-7811 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server | |||||
CVE-2018-7793 | 1 Schneider-electric | 4 Foxboro Dcs, Foxboro Evo, Foxview and 1 more | 2023-12-10 | 4.6 MEDIUM | 8.7 HIGH |
A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission. | |||||
CVE-2018-7806 | 1 Schneider-electric | 1 Struxureware Data Center Operation | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained within the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | |||||
CVE-2018-2618 | 6 Canonical, Debian, Hp and 3 more | 16 Ubuntu Linux, Debian Linux, Xp7 Command View and 13 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
CVE-2018-7779 | 1 Schneider-electric | 6 Homelynk, Homelynk Firmware, Spacelynk and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. |