Filtered by vendor Schneider-electric
Subscribe
Total
752 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7521 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
CVE-2020-7508 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | |||||
CVE-2020-7527 | 1 Schneider-electric | 1 Somove | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. | |||||
CVE-2020-7528 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | |||||
CVE-2020-7531 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. | |||||
CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2024-02-28 | 4.0 MEDIUM | 4.7 MEDIUM |
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | |||||
CVE-2020-7524 | 1 Schneider-electric | 2 Modicon M218, Modicon M218 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. | |||||
CVE-2020-7512 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | |||||
CVE-2020-7525 | 1 Schneider-electric | 4 Spacelynk, Spacelynk Firmware, Wiser For Knx and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. | |||||
CVE-2020-7516 | 1 Schneider-electric | 1 Easergy Builder | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | |||||
CVE-2020-7492 | 1 Schneider-electric | 1 Gp-pro Ex Firmware | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded. | |||||
CVE-2020-7478 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. | |||||
CVE-2020-7491 | 1 Schneider-electric | 14 Tricon Tcm 4351, Tricon Tcm 4351 Firmware, Tricon Tcm 4351a and 11 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4. | |||||
CVE-2020-7480 | 1 Schneider-electric | 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. | |||||
CVE-2020-7484 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions. | |||||
CVE-2020-7481 | 1 Schneider-electric | 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server. | |||||
CVE-2020-7522 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
CVE-2020-7503 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted. | |||||
CVE-2020-7504 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | |||||
CVE-2020-7474 | 1 Schneider-electric | 1 Pmepxm0100 Prosoft Configurator | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL. |