Filtered by vendor Schneider-electric
Subscribe
Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6017 | 1 Schneider-electric | 30 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 27 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. | |||||
| CVE-2017-7969 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | |||||
| CVE-2017-9957 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. | |||||
| CVE-2017-9629 | 1 Schneider-electric | 1 Wonderware Archestra Logger | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account. | |||||
| CVE-2017-9961 | 1 Schneider-electric | 1 Pro-face Gp Pro Ex | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. | |||||
| CVE-2016-8354 | 1 Schneider-electric | 1 Unity Pro | 2025-04-20 | 5.1 MEDIUM | 7.0 HIGH |
| An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. | |||||
| CVE-2017-7575 | 1 Schneider-electric | 2 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. | |||||
| CVE-2017-6033 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path. | |||||
| CVE-2017-7689 | 1 Schneider-electric | 2 Homelynk Controller Lss100100, Homelynk Controller Lss100100 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | |||||
| CVE-2017-7971 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | |||||
| CVE-2016-5815 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | |||||
| CVE-2017-13997 | 1 Schneider-electric | 2 Wonderware Indusoft Web Studio, Wonderware Intouch | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server. | |||||
| CVE-2017-5155 | 1 Schneider-electric | 1 Wonderware Historian | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. | |||||
| CVE-2017-8371 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-04-20 | 4.0 MEDIUM | 6.8 MEDIUM |
| Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-6028 | 1 Schneider-electric | 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. | |||||
| CVE-2016-5818 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | |||||
| CVE-2017-9956 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | |||||
| CVE-2017-9631 | 1 Schneider-electric | 1 Wonderware Archestra Logger | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable). | |||||
| CVE-2017-6032 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks. | |||||
| CVE-2017-7965 | 1 Schneider-electric | 1 Somachine Hvac | 2025-04-20 | 4.6 MEDIUM | 7.3 HIGH |
| A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. | |||||