Filtered by vendor Schneider-electric
Subscribe
Total
755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5815 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | |||||
| CVE-2016-5809 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. | |||||
| CVE-2016-4529 | 1 Schneider-electric | 3 M171, M172, Somachine Hvac Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | |||||
| CVE-2016-4520 | 1 Schneider-electric | 1 Pelco Digital Sentry Video Management System Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors. | |||||
| CVE-2016-4513 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2292 | 1 Schneider-electric | 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-2291 | 1 Schneider-electric | 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2016-2290 | 1 Schneider-electric | 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-2278 | 1 Schneider-electric | 4 Struxureware Building Operations Automation Server As, Struxureware Building Operations Automation Server As-p, Struxureware Building Operations Automation Server As-p Firmware and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. | |||||
| CVE-2015-8561 | 1 Schneider-electric | 1 Proclima | 2024-11-21 | 6.8 MEDIUM | N/A |
| The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. | |||||
| CVE-2015-7937 | 1 Schneider-electric | 13 Bmxnoc0401, Bmxnoe0100, Bmxnoe0100h and 10 more | 2024-11-21 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. | |||||
| CVE-2015-7921 | 1 Schneider-electric | 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | |||||
| CVE-2015-7918 | 1 Schneider-electric | 1 Proclima | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. | |||||
| CVE-2015-6485 | 1 Schneider-electric | 8 Sage 1410, Sage 1430, Sage 1450 and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. | |||||
| CVE-2015-6462 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. | |||||
| CVE-2015-6461 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. | |||||
| CVE-2015-3977 | 1 Schneider-electric | 1 Imt25 Magnetic Flow Dtm | 2024-11-21 | 7.7 HIGH | N/A |
| Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HART reply. | |||||
| CVE-2015-3963 | 2 Schneider-electric, Windriver | 14 Sage 1210, Sage 1230, Sage 1250 and 11 more | 2024-11-21 | 5.8 MEDIUM | N/A |
| Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | |||||
| CVE-2015-3962 | 1 Schneider-electric | 1 Struxureware Building Expert Multi-purpose Management | 2024-11-21 | 5.0 MEDIUM | N/A |
| Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2015-3940 | 1 Schneider-electric | 1 Wonderware System Platform 2014 | 2024-11-21 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||