Schneider Electric
Schneider Electric SE is a French multinational corporation that specializes in energy technology, covering electrification, automation, and digitalization for industry and homes.
Products (421)
- 72 CVEs
- 50 CVEs
- 46 CVEs
- 29 CVEs
- 26 CVEs
- 26 CVEs
- 25 CVEs
- 21 CVEs
- 20 CVEs
- 19 CVEs
- 19 CVEs
- 19 CVEs
- 18 CVEs
- 17 CVEs
- 16 CVEs
- 15 CVEs
- 15 CVEs
- 15 CVEs
- 14 CVEs
- 13 CVEs
- 13 CVEs
- 13 CVEs
- 12 CVEs
- 12 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 10 CVEs
- 9 CVEs
Recent CVEs (722)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6026 | | Cri | 0.65 | 9.1 | 0.32 | | Jun 30, 2017 | A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are… |
| CVE-2017-5178 | | Cri | 0.65 | 9.8 | 0.14 | | Mar 8, 2017 | An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with… |
| CVE-2016-8352 | | Cri | 0.65 | 10.0 | 0.04 | | Feb 13, 2017 | An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP… |
| CVE-2021-22768 | | Cri | 0.64 | 9.8 | 0.03 | | Jun 11, 2021 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767 |
| CVE-2021-22767 | | Cri | 0.64 | 9.8 | 0.03 | | Jun 11, 2021 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-2276 |
| CVE-2021-22765 | | Cri | 0.64 | 9.8 | 0.03 | | Jun 11, 2021 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet |
| CVE-2021-22763 | | Cri | 0.64 | 9.8 | 0.02 | | Jun 11, 2021 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator level access to… |
| CVE-2020-7489 | | Cri | 0.64 | 9.8 | 0.02 | | Apr 22, 2020 | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this… |
| CVE-2018-7791 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 29, 2018 | A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an… |
| CVE-2018-7790 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 29, 2018 | An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability… |
| CVE-2018-7785 | | Cri | 0.64 | 9.8 | 0.03 | | Jul 3, 2018 | In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. |
| CVE-2018-7784 | | Cri | 0.64 | 9.8 | 0.02 | | Jul 3, 2018 | In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in… |
| CVE-2018-7780 | | Cri | 0.64 | 9.8 | 0.01 | | Jul 3, 2018 | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exists in cgi program "set". |
| CVE-2018-7778 | | Cri | 0.64 | 9.8 | 0.02 | | Jul 3, 2018 | In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users. |
| CVE-2018-8840 | | Cri | 0.64 | 9.8 | 0.08 | | Apr 18, 2018 | A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution. |
| CVE-2018-7761 | | Cri | 0.64 | 9.8 | 0.02 | | Apr 18, 2018 | A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. |
| CVE-2018-7760 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 18, 2018 | An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. |
| CVE-2018-7246 | | Cri | 0.64 | 9.8 | 0.01 | | Apr 18, 2018 | A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to… |
| CVE-2018-7243 | | Cri | 0.64 | 9.8 | 0.03 | | Apr 18, 2018 | An authorization bypass vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device,… |
| CVE-2018-7242 | | Cri | 0.64 | 9.8 | 0.02 | | Apr 18, 2018 | Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. |