VYPR
Vendor

Schneider Electric

Schneider Electric SE is a French multinational corporation that specializes in energy technology, covering electrification, automation, and digitalization for industry and homes.

Founded: 1836
Products: 421
CVEs: 722
Across products: 604
Status: Private

Recent CVEs

  • CVE-2017-6026 | Critical | Jun 30, 2017
    risk 0.65 | CVSS 9.1 | EPSS 0.32

    A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are…

  • CVE-2017-5178 | Critical | Mar 8, 2017
    risk 0.65 | CVSS 9.8 | EPSS 0.14

    An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with…

  • CVE-2016-8352 | Critical | Feb 13, 2017
    risk 0.65 | CVSS 10.0 | EPSS 0.04

    An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP…

  • CVE-2021-22768 | Critical | Jun 11, 2021
    risk 0.64 | CVSS 9.8 | EPSS 0.03

    A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767.

  • CVE-2021-22767 | Critical | Jun 11, 2021
    risk 0.64 | CVSS 9.8 | EPSS 0.03

    A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-2276

  • CVE-2021-22765 | Critical | Jun 11, 2021
    risk 0.64 | CVSS 9.8 | EPSS 0.03

    A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet

  • CVE-2021-22763 | Critical | Jun 11, 2021
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator level access to…

  • CVE-2020-7489 | Critical | Apr 22, 2020
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this…

  • CVE-2018-7791 | Critical | Aug 29, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an…

  • CVE-2018-7790 | Critical | Aug 29, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability…

  • CVE-2018-7785 | Critical | Jul 3, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.03

    In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.

  • CVE-2018-7784 | Critical | Jul 3, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in…

  • CVE-2018-7780 | Critical | Jul 3, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exists in the CGI program "set".

  • CVE-2018-7778 | Critical | Jul 3, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.

  • CVE-2018-8840 | Critical | Apr 18, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.08

    A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

  • CVE-2018-7761 | Critical | Apr 18, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.

  • CVE-2018-7760 | Critical | Apr 18, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.

  • CVE-2018-7246 | Critical | Apr 18, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.01

    A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to…

  • CVE-2018-7243 | Critical | Apr 18, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.03

    An authorization bypass vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device,…

  • CVE-2018-7242 | Critical | Apr 18, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.02

    Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.