Vulnerabilities (CVE)

Filtered by vendor Schneider-electric Subscribe
Total 755 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24322 1 Schneider-electric 1 Ecostruxure Control Expert 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior)
CVE-2022-24321 1 Schneider-electric 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 2024-11-21 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CVE-2022-24320 1 Schneider-electric 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CVE-2022-24319 1 Schneider-electric 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CVE-2022-24318 1 Schneider-electric 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 2024-11-21 5.0 MEDIUM 7.5 HIGH
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CVE-2022-24317 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24316 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24315 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24314 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24313 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24312 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24311 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24310 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-22813 1 Schneider-electric 66 Easergy P141, Easergy P141 Firmware, Easergy P142 and 63 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration.
CVE-2022-22812 1 Schneider-electric 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
CVE-2022-22811 1 Schneider-electric 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more 2024-11-21 8.8 HIGH 8.1 HIGH
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system?s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
CVE-2022-22810 1 Schneider-electric 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
CVE-2022-22809 1 Schneider-electric 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
CVE-2022-22808 1 Schneider-electric 14 Hmibscea53d1edb, Hmibscea53d1edb Firmware, Hmibscea53d1edl and 11 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
CVE-2022-22807 1 Schneider-electric 14 Hmibscea53d1edb, Hmibscea53d1edb Firmware, Hmibscea53d1edl and 11 more 2024-11-21 4.3 MEDIUM 7.4 HIGH
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)