Filtered by vendor Schneider-electric
Subscribe
Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7536 | 1 Schneider-electric | 20 Bmxnoe0100, Bmxnoe0100 Firmware, Bmxnoe0110 and 17 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP. | |||||
| CVE-2020-7535 | 1 Schneider-electric | 42 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 39 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. | |||||
| CVE-2020-7534 | 1 Schneider-electric | 20 140cpu65, 140cpu65 Firmware, 140noc78000 and 17 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) | |||||
| CVE-2020-7533 | 1 Schneider-electric | 32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. | |||||
| CVE-2020-7532 | 1 Schneider-electric | 1 Scadapack X70 Security Administrator | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer. | |||||
| CVE-2020-7531 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. | |||||
| CVE-2020-7530 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. | |||||
| CVE-2020-7529 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | |||||
| CVE-2020-7528 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | |||||
| CVE-2020-7527 | 1 Schneider-electric | 1 Somove | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. | |||||
| CVE-2020-7525 | 1 Schneider-electric | 4 Spacelynk, Spacelynk Firmware, Wiser For Knx and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. | |||||
| CVE-2020-7524 | 1 Schneider-electric | 2 Modicon M218, Modicon M218 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. | |||||
| CVE-2020-7523 | 1 Schneider-electric | 2 Modbus Driver Suite, Modbus Serial Driver | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. | |||||
| CVE-2020-7522 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
| CVE-2020-7521 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
| CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
| A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | |||||
| CVE-2020-7519 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. | |||||
| CVE-2020-7518 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. | |||||
| CVE-2020-7517 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. | |||||
| CVE-2020-7516 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | |||||