Filtered by vendor Schneider-electric
Total: 751 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-02-28 | N/A | 6.1 MEDIUM |
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | |||||
CVE-2023-3953 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2024-02-28 | N/A | 5.3 MEDIUM |
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. | |||||
CVE-2023-5391 | 1 Schneider-electric | 3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports | 2024-02-28 | N/A | 9.8 CRITICAL |
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | |||||
CVE-2023-4516 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-02-28 | N/A | 7.8 HIGH |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change the update source, potentially leading to remote code execution when the attacker forces an update containing malicious content. | |||||
CVE-2023-5402 | 1 Schneider-electric | 1 C-bus Toolkit | 2024-02-28 | N/A | 9.8 CRITICAL |
A CWE-269: Improper Privilege Management vulnerability exists that could cause remote code execution when the transfer command is used over the network. | |||||
CVE-2023-5399 | 1 Schneider-electric | 1 Spacelogic C-bus Toolkit | 2024-02-28 | N/A | 9.8 CRITICAL |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command. | |||||
CVE-2023-37199 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | N/A | 7.2 HIGH |
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored. | |||||
CVE-2023-27984 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-02-28 | N/A | 8.8 HIGH |
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server (IGSSdataServer.exe) (V16.0.0.23040 and prior), IGSS Dashboard (DashBoard.exe) (V16.0.0.23040 and prior), Custom Reports (RMS16.dll) (V16.0.0.23040 and prior). | |||||
CVE-2022-43378 | 1 Schneider-electric | 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more | 2024-02-28 | N/A | 6.5 MEDIUM |
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | |||||
CVE-2023-2161 | 1 Schneider-electric | 1 Opc Factory Server | 2024-02-28 | N/A | 5.5 MEDIUM |
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. | |||||
CVE-2022-43376 | 1 Schneider-electric | 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more | 2024-02-28 | N/A | 6.1 MEDIUM |
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | |||||
CVE-2023-29414 | 1 Schneider-electric | 1 Accutech Manager | 2024-02-28 | N/A | 7.8 HIGH |
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call. | |||||
CVE-2023-25551 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | N/A | 6.1 MEDIUM |
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
CVE-2023-25556 | 1 Schneider-electric | 14 Merten Instabus Tastermodul 1fach System M, Merten Instabus Tastermodul 1fach System M Firmware, Merten Instabus Tastermodul 2fach System M and 11 more | 2024-02-28 | N/A | 8.8 HIGH |
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. | |||||
CVE-2023-28004 | 1 Schneider-electric | 2 Powerlogic Hdpm6000, Powerlogic Hdpm6000 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. | |||||
CVE-2023-25550 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | N/A | 9.8 CRITICAL |
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
CVE-2023-27982 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-02-28 | N/A | 8.8 HIGH |
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory when an attacker sends specific crafted messages to the Data Server TCP port. This could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server (IGSSdataServer.exe) (V16.0.0.23040 and prior), IGSS Dashboard (DashBoard.exe) (V16.0.0.23040 and prior), Custom Reports (RMS16.dll) (V16.0.0.23040 and prior). | |||||
CVE-2023-25620 | 1 Schneider-electric | 16 140cpu65, 140cpu65 Firmware, Bmeh58s and 13 more | 2024-02-28 | N/A | 6.5 MEDIUM |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user. | |||||
CVE-2023-25619 | 1 Schneider-electric | 14 Bmeh58s, Bmeh58s Firmware, Bmep58s and 11 more | 2024-02-28 | N/A | 7.5 HIGH |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol. | |||||
CVE-2023-25548 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | N/A | 6.5 MEDIUM |
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low-privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) |