Filtered by vendor Schneider-electric
Total: 752 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7792 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using a rainbow table. | |||||
CVE-2018-7791 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrites the password, the attacker can upload the original program from the PLC. | |||||
CVE-2018-7831 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-02-28 | 4.3 MEDIUM | 8.8 HIGH |
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. | |||||
CVE-2018-7804 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing. | |||||
CVE-2018-7810 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on. | |||||
CVE-2018-7813 | 1 Schneider-electric | 1 Guicon | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file. | |||||
CVE-2018-7809 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-02-28 | 6.4 MEDIUM | 9.8 CRITICAL |
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. | |||||
CVE-2018-7835 | 1 Schneider-electric | 1 Iiot Monior | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. | |||||
CVE-2018-7798 | 1 Schneider-electric | 2 Modicon M221, Somachine Basic | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
An Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. | |||||
CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | |||||
CVE-2018-7801 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. | |||||
CVE-2018-7837 | 1 Schneider-electric | 1 Iiot Monior | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. | |||||
CVE-2018-7800 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. | |||||
CVE-2018-7807 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | |||||
CVE-2018-7799 | 1 Schneider-electric | 1 Software Update Utility | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. | |||||
CVE-2018-7830 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request. | |||||
CVE-2018-7833 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable. | |||||
CVE-2018-7796 | 1 Schneider-electric | 1 Powersuite 2 | 2024-02-28 | 6.8 MEDIUM | 6.3 MEDIUM |
A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. | |||||
CVE-2017-9635 | 1 Schneider-electric | 1 Ampla Manufacturing Execution System | 2024-02-28 | 1.9 LOW | 3.9 LOW |
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. | |||||
CVE-2017-9969 | 1 Schneider-electric | 1 Igss Mobile | 2024-02-28 | 2.1 LOW | 6.7 MEDIUM |
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. |