Filtered by vendor Schneider-electric
Subscribe
Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22699 | 1 Schneider-electric | 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP. | |||||
| CVE-2021-22698 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed. | |||||
| CVE-2021-22697 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed. | |||||
| CVE-2020-7573 | 1 Schneider-electric | 1 Webreports | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control. | |||||
| CVE-2020-7572 | 1 Schneider-electric | 1 Webreports | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser. | |||||
| CVE-2020-7571 | 1 Schneider-electric | 1 Webreports | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users. | |||||
| CVE-2020-7570 | 1 Schneider-electric | 1 Webreports | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users. | |||||
| CVE-2020-7569 | 1 Schneider-electric | 1 Webreports | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution. | |||||
| CVE-2020-7568 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | |||||
| CVE-2020-7567 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys. | |||||
| CVE-2020-7566 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
| A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | |||||
| CVE-2020-7565 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
| A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | |||||
| CVE-2020-7564 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. | |||||
| CVE-2020-7563 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. | |||||
| CVE-2020-7562 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. | |||||
| CVE-2020-7561 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | |||||
| CVE-2020-7560 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Unity Pro | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software. | |||||
| CVE-2020-7559 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | |||||
| CVE-2020-7558 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7557 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||