Filtered by vendor Schneider-electric
Subscribe
Total
767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6462 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. | |||||
| CVE-2015-6461 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. | |||||
| CVE-2015-1014 | 1 Schneider-electric | 3 Citectscada, Opc Factory Server, Scada Expert Vijeo Citect | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. | |||||
| CVE-2024-10575 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-19 | N/A | 9.8 CRITICAL |
| CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | |||||
| CVE-2024-9409 | 1 Schneider-electric | 6 Powerlogic Pm5320, Powerlogic Pm5320 Firmware, Powerlogic Pm5340 and 3 more | 2024-11-19 | N/A | 7.5 HIGH |
| CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. | |||||
| CVE-2024-8422 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-10-16 | N/A | 7.8 HIGH |
| CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. | |||||
| CVE-2024-8306 | 1 Schneider-electric | 2 Vijeo Designer, Vijeo Designer Embedded In Ecostruxure Machine Expert | 2024-09-18 | N/A | 7.8 HIGH |
| CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries. | |||||