Filtered by vendor Schneider-electric
Subscribe
Total
751 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29410 | 1 Schneider-electric | 6 Conext Gateway, Conext Gateway Firmware, Insightfacility and 3 more | 2024-02-28 | N/A | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute. | |||||
| CVE-2023-27981 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-02-28 | N/A | 8.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
| CVE-2023-37196 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | N/A | 8.8 HIGH |
| A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE. | |||||
| CVE-2023-28003 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-02-28 | N/A | 8.8 HIGH |
| A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account. | |||||
| CVE-2023-27976 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-02-28 | N/A | 8.8 HIGH |
| A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above) | |||||
| CVE-2023-25547 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | N/A | 8.8 HIGH |
| A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2022-43377 | 1 Schneider-electric | 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more | 2024-02-28 | N/A | 7.5 HIGH |
| A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | |||||
| CVE-2023-27977 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-02-28 | N/A | 5.3 MEDIUM |
| A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
| CVE-2023-29411 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface. | |||||
| CVE-2023-27978 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-02-28 | N/A | 7.8 HIGH |
| A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
| CVE-2023-1049 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2024-02-28 | N/A | 7.8 HIGH |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI. | |||||
| CVE-2023-27979 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-02-28 | N/A | 6.5 MEDIUM |
| A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
| CVE-2023-37197 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | N/A | 8.8 HIGH |
| A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE. | |||||
| CVE-2023-3001 | 1 Schneider-electric | 1 Igss Dashboard | 2024-02-28 | N/A | 7.8 HIGH |
| A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | |||||
| CVE-2023-1548 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-02-28 | N/A | 5.5 MEDIUM |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) | |||||
| CVE-2023-25555 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-02-28 | N/A | 8.1 HIGH |
| A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2022-46680 | 1 Schneider-electric | 10 Powerlogic Ion7400, Powerlogic Ion7400 Firmware, Powerlogic Ion8650 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. | |||||
| CVE-2023-27983 | 1 Schneider-electric | 3 Custom Reports, Igss Dashboard, Igss Data Server | 2024-02-28 | N/A | 5.3 MEDIUM |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | |||||
| CVE-2023-2569 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-02-28 | N/A | 7.8 HIGH |
| A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | |||||
| CVE-2023-29413 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2024-02-28 | N/A | 7.5 HIGH |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. | |||||