Filtered by vendor Schneider-electric
Subscribe
Total
767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3940 | 1 Schneider-electric | 1 Wonderware System Platform 2014 | 2025-04-12 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2015-0997 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2025-04-12 | 5.0 MEDIUM | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. | |||||
| CVE-2015-7921 | 1 Schneider-electric | 4 Proface Gp-pro Ex Ex-ed, Proface Gp-pro Ex Pfxexedls, Proface Gp-pro Ex Pfxexedv and 1 more | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | |||||
| CVE-2016-4513 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8390 | 1 Schneider-electric | 1 Vampset | 2025-04-12 | 4.4 MEDIUM | N/A |
| Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. | |||||
| CVE-2015-3977 | 1 Schneider-electric | 1 Imt25 Magnetic Flow Dtm | 2025-04-12 | 7.7 HIGH | N/A |
| Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HART reply. | |||||
| CVE-2015-3962 | 1 Schneider-electric | 1 Struxureware Building Expert Multi-purpose Management | 2025-04-12 | 5.0 MEDIUM | N/A |
| Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | |||||
| CVE-2023-25619 | 1 Schneider-electric | 14 Bmeh58s, Bmeh58s Firmware, Bmep58s and 11 more | 2025-02-05 | N/A | 7.5 HIGH |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol. | |||||
| CVE-2023-6408 | 1 Schneider-electric | 90 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 87 more | 2025-01-23 | N/A | 8.1 HIGH |
| CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. | |||||
| CVE-2023-6409 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2024-12-11 | N/A | 7.7 HIGH |
| CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | |||||
| CVE-2023-27975 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Ecostruxure Process Expert | 2024-12-11 | N/A | 7.1 HIGH |
| CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | |||||
| CVE-2021-22764 | 1 Schneider-electric | 8 Powerlogic Pm5560, Powerlogic Pm5560 Firmware, Powerlogic Pm5561 and 5 more | 2024-11-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request. | |||||
| CVE-2021-22763 | 1 Schneider-electric | 10 Powerlogic Pm5560, Powerlogic Pm5560 Firmware, Powerlogic Pm5561 and 7 more | 2024-11-24 | 10.0 HIGH | 9.8 CRITICAL |
| A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device. | |||||
| CVE-2024-6528 | 1 Schneider-electric | 10 Modicon Lmc058, Modicon Lmc058 Firmware, Modicon M241 and 7 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | |||||
| CVE-2024-6407 | 1 Schneider-electric | 2 Whc-5918a, Whc-5918a Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device. | |||||
| CVE-2024-5681 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-11-21 | N/A | 7.8 HIGH |
| CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | |||||
| CVE-2024-5680 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-11-21 | N/A | 7.1 HIGH |
| CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | |||||
| CVE-2024-5679 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-11-21 | N/A | 7.1 HIGH |
| CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | |||||
| CVE-2024-5560 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. | |||||
| CVE-2024-5559 | 1 Schneider-electric | 2 Powerlogic P5, Powerlogic P5 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
| CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device. | |||||