Filtered by vendor Schneider-electric
Subscribe
Total
752 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7550 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
CVE-2021-22702 | 1 Schneider-electric | 24 Powerlogic Ion7300, Powerlogic Ion7300 Firmware, Powerlogic Ion7400 and 21 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. | |||||
CVE-2020-7570 | 1 Schneider-electric | 1 Webreports | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users. | |||||
CVE-2020-7559 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | |||||
CVE-2020-7546 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage. | |||||
CVE-2020-7544 | 1 Schneider-electric | 1 Operator Terminal Expert Runtime | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert. | |||||
CVE-2020-28218 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action. | |||||
CVE-2020-7551 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
CVE-2020-7556 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
CVE-2021-22710 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
CVE-2020-7566 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-02-28 | 4.3 MEDIUM | 7.3 HIGH |
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | |||||
CVE-2020-7562 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. | |||||
CVE-2020-7547 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. | |||||
CVE-2020-7565 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-02-28 | 4.3 MEDIUM | 7.3 HIGH |
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | |||||
CVE-2020-28209 | 2 Microsoft, Schneider-electric | 2 Windows, Enterprise Server Installer | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location. | |||||
CVE-2020-28216 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | |||||
CVE-2020-28211 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. | |||||
CVE-2020-7563 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. | |||||
CVE-2020-7548 | 1 Schneider-electric | 14 Acti9 Powertag Link, Acti9 Powertag Link Firmware, Acti9 Powertag Link Hd and 11 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login. | |||||
CVE-2020-7569 | 1 Schneider-electric | 1 Webreports | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution. |