Filtered by vendor Schneider-electric
Subscribe
Total
755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22788 | 1 Schneider-electric | 28 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 25 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | |||||
| CVE-2021-22787 | 1 Schneider-electric | 28 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 25 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | |||||
| CVE-2021-22786 | 1 Schneider-electric | 82 Modicon M340 Bmxp341000, Modicon M340 Bmxp341000 Firmware, Modicon M340 Bmxp342000 and 79 more | 2024-11-21 | N/A | 7.5 HIGH |
| A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions) | |||||
| CVE-2021-22785 | 1 Schneider-electric | 28 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 25 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | |||||
| CVE-2021-22784 | 1 Schneider-electric | 1 C-bus Toolkit | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system. | |||||
| CVE-2021-22783 | 1 Schneider-electric | 1 Ritto Wiser Door | 2024-11-21 | 4.8 MEDIUM | 8.8 HIGH |
| A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions) | |||||
| CVE-2021-22782 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. | |||||
| CVE-2021-22781 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file. | |||||
| CVE-2021-22780 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file. | |||||
| CVE-2021-22779 | 1 Schneider-electric | 61 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 58 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller. | |||||
| CVE-2021-22778 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. | |||||
| CVE-2021-22777 | 1 Schneider-electric | 1 Sosafe Configurable | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file. | |||||
| CVE-2021-22775 | 1 Schneider-electric | 1 Gp-pro Ex | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. | |||||
| CVE-2021-22774 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques. | |||||
| CVE-2021-22773 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modify the password of a user. | |||||
| CVE-2021-22772 | 1 Schneider-electric | 6 T200e, T200e Firmware, T200i and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed. | |||||
| CVE-2021-22771 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 6.0 MEDIUM | 7.3 HIGH |
| A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution. | |||||
| CVE-2021-22770 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information. | |||||
| CVE-2021-22769 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted. | |||||
| CVE-2021-22768 | 1 Schneider-electric | 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767 | |||||