Filtered by vendor Schneider-electric
Total: 767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2824 | 1 Schneider-electric | 4 Citectscada, Powerlogic Scada, Struxureware Powerscada Expert and 1 more | 2026-04-29 | 7.8 HIGH | N/A |
| Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet. | |||||
| CVE-2012-0930 | 1 Schneider-electric | 1 Modicon Quantum Plc | 2026-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0759 | 1 Schneider-electric | 1 Floating License Manager | 2026-04-29 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | |||||
| CVE-2013-2796 | 1 Schneider-electric | 3 Citectscada, Powerlogic Scada, Vijeo Citect | 2026-04-29 | 6.9 MEDIUM | N/A |
| Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-0664 | 1 Schneider-electric | 3 Modicon M340, Modicon Premium, Modicon Quantum Plc | 2026-04-29 | 8.5 HIGH | N/A |
| The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. | |||||
| CVE-2012-0931 | 1 Schneider-electric | 1 Modicon Quantum Plc | 2026-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-4859 | 1 Schneider-electric | 21 M340 Ethernet Module Bmxnoe0100, M340 Ethernet Module Bmxnoe0110, M340 Ethernet Module Bmxp342020 and 18 more | 2026-04-29 | 10.0 HIGH | N/A |
| The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port. | |||||
| CVE-2013-0687 | 1 Schneider-electric | 1 Micom S1 Studio | 2026-04-29 | 6.6 MEDIUM | N/A |
| The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. | |||||
| CVE-2011-4034 | 1 Schneider-electric | 3 Citecthistorian, Citectscada Reports, Vijeo Historian | 2026-04-29 | 9.3 HIGH | N/A |
| Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | |||||
| CVE-2011-4860 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2026-04-29 | 10.0 HIGH | N/A |
| The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. | |||||
| CVE-2013-2761 | 1 Schneider-electric | 1 Modicon M340 | 2026-04-29 | 4.0 MEDIUM | N/A |
| The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. | |||||
| CVE-2025-13845 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2026-04-27 | N/A | 7.8 HIGH |
| CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody. | |||||
| CVE-2026-2403 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 4.3 MEDIUM |
| CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload. | |||||
| CVE-2026-2402 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 5.3 MEDIUM |
| CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints. | |||||
| CVE-2026-2401 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 5.0 MEDIUM |
| CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker. | |||||
| CVE-2026-2400 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 4.3 MEDIUM |
| CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload. | |||||
| CVE-2026-2399 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 6.1 MEDIUM |
| CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files to be overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload. | |||||
| CVE-2026-2404 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 5.3 MEDIUM |
| CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. | |||||
| CVE-2026-2405 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | N/A | 6.5 MEDIUM |
| CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests. | |||||
| CVE-2025-13844 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2026-03-03 | N/A | 5.3 MEDIUM |
| CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody. | |||||
