Schneider Electric

All CVEs

722 total · sorted by risk
  • CVE-2020-7540 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause…

  • CVE-2020-7539 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a…

  • CVE-2020-7537 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially…

  • CVE-2020-7535 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification…

  • CVE-2020-28219 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.00

    A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to…

  • CVE-2020-28218 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.

  • CVE-2020-28217 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

  • CVE-2020-28216 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

  • CVE-2020-28215 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently.

  • CVE-2020-7536 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all…

  • CVE-2020-7548 · Dec 1, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.

  • CVE-2020-7558 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7557 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7556 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7555 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7554 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7553 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7552 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7551 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

  • CVE-2020-7573 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control.

  • CVE-2020-7572 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial…

  • CVE-2020-7571 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect…

  • CVE-2020-7570 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to…

  • CVE-2020-7569 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.02

    A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and…

  • CVE-2020-7561 · Nov 19, 2020
    risk 0.00 · cvss · epss 0.03

    A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an…

  • CVE-2020-7532 · Sep 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer.

  • CVE-2020-7531 · Sep 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.

  • CVE-2020-7530 · Sep 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders.

  • CVE-2020-7529 · Sep 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.

  • CVE-2020-7527 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.00

    Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.

  • CVE-2020-7526 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.02

    Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event.

  • CVE-2020-7525 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.01

    Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.

  • CVE-2020-7524 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.01

    Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic…

  • CVE-2020-7523 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.00

    Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify,…

  • CVE-2020-7522 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.02

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to…

  • CVE-2020-7521 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.02

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to…

  • CVE-2020-7519 · Jul 23, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.

  • CVE-2020-7518 · Jul 23, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.

  • CVE-2020-7517 · Jul 23, 2020
    risk 0.00 · cvss · epss 0.00

    A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.

  • CVE-2020-7516 · Jul 23, 2020
    risk 0.00 · cvss · epss 0.00

    A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.

  • CVE-2020-7515 · Jul 23, 2020
    risk 0.00 · cvss · epss 0.00

    A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.

  • CVE-2020-7514 · Jul 23, 2020
    risk 0.00 · cvss · epss 0.00

    A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.

  • CVE-2020-7491 · Jul 23, 2020
    risk 0.00 · cvss · epss 0.01

    **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.

  • CVE-2020-7513 · Jun 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.

  • CVE-2020-7512 · Jun 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.

  • CVE-2020-7511 · Jun 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.

  • CVE-2020-7510 · Jun 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to obtain private keys.

  • CVE-2020-7509 · Jun 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.

  • CVE-2020-7508 · Jun 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.

  • CVE-2020-7507 · Jun 16, 2020
    risk 0.00 · cvss · epss 0.01

    A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.
