VYPR

Vendor CVEs

Schneider Electric

All CVEs

722 total · sorted by risk
  • CVE-2024-11999HigDec 17, 2024
    risk 0.57cvss 8.8epss 0.01

    CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.

  • CVE-2020-7534HigFeb 4, 2022
    risk 0.57cvss 8.8epss 0.00

    A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions),…

  • CVE-2020-7564HigNov 18, 2020
    risk 0.57cvss 8.8epss 0.01

    A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write…

  • CVE-2020-7563HigNov 18, 2020
    risk 0.57cvss 8.8epss 0.01

    A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading…

  • CVE-2018-7782HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.

  • CVE-2018-7781HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.

  • CVE-2018-7774HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.

  • CVE-2018-7773HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.

  • CVE-2018-7772HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the…

  • CVE-2018-7769HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

  • CVE-2018-7768HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.

  • CVE-2018-7767HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.

  • CVE-2018-7766HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.01

    The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

  • CVE-2018-7765HigJul 3, 2018
    risk 0.57cvss 8.8epss 0.03

    The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.

  • CVE-2018-7240HigApr 18, 2018
    risk 0.57cvss 8.8epss 0.03

    A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to…

  • CVE-2018-7230HigMar 9, 2018
    risk 0.57cvss 8.8epss 0.02

    A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.

  • CVE-2017-7969HigSep 26, 2017
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type…

  • CVE-2017-7966HigJun 7, 2017
    risk 0.57cvss 8.8epss 0.02

    A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.

  • CVE-2017-5156HigApr 20, 2017
    risk 0.57cvss 8.8epss 0.01

    A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the…

  • CVE-2016-2290HigApr 6, 2016
    risk 0.57cvss 8.8epss 0.02

    Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2017-9627HigJul 7, 2017
    risk 0.56cvss 8.6epss 0.04

    An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a…

  • CVE-2017-6019HigApr 7, 2017
    risk 0.55cvss 7.5epss 0.37

    An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.

  • CVE-2020-7562HigNov 18, 2020
    risk 0.53cvss 8.1epss 0.01

    A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a…

  • CVE-2019-6820HigMay 22, 2019
    risk 0.53cvss 8.2epss 0.01

    A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200,…

  • CVE-2018-7798HigNov 2, 2018
    risk 0.53cvss 8.2epss 0.01

    A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

  • CVE-2018-8872HigMay 4, 2018
    risk 0.53cvss 8.1epss 0.02

    In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

  • CVE-2018-7236HigMar 9, 2018
    risk 0.53cvss 8.1epss 0.01

    A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.

  • CVE-2017-9963HigFeb 12, 2018
    risk 0.53cvss 8.1epss 0.00

    A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type…

  • CVE-2018-7771HigJul 3, 2018
    risk 0.52cvss 8.0epss 0.01

    The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service…

  • CVE-2025-13845HigJan 15, 2026
    risk 0.51cvss 7.8epss 0.00

    CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.

  • CVE-2018-7239HigMar 9, 2018
    risk 0.51cvss 7.8epss 0.03

    A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

  • CVE-2017-9967HigFeb 12, 2018
    risk 0.51cvss 7.8epss 0.00

    A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in…

  • CVE-2017-9961HigSep 26, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to…

  • CVE-2017-9958HigSep 26, 2017
    risk 0.51cvss 7.8epss 0.00

    An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.

  • CVE-2017-7968HigMay 19, 2017
    risk 0.51cvss 7.8epss 0.00

    An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be…

  • CVE-2017-6033HigApr 7, 2017
    risk 0.51cvss 7.8epss 0.01

    A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in…

  • CVE-2016-2278HigMar 2, 2016
    risk 0.51cvss 7.2epss 0.13

    Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.

  • CVE-2018-7852HigMay 22, 2019
    risk 0.50cvss 7.5epss 0.04

    A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.

  • CVE-2024-6918HigAug 20, 2024
    risk 0.49cvss 7.5epss 0.00

    CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP.

  • CVE-2021-22788HigFeb 11, 2022
    risk 0.49cvss 7.5epss 0.01

    A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet…

  • CVE-2021-22787HigFeb 11, 2022
    risk 0.49cvss 7.5epss 0.01

    A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340…

  • CVE-2021-22785HigFeb 11, 2022
    risk 0.49cvss 7.5epss 0.01

    A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to…

  • CVE-2021-22792HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all…

  • CVE-2021-22766HigJun 11, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet

  • CVE-2021-22713HigMar 11, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot.

  • CVE-2021-22703HigFeb 19, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious…

  • CVE-2021-22702HigFeb 19, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials…

  • CVE-2020-7488HigApr 22, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.

  • CVE-2020-7477HigMar 23, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated…

  • CVE-2019-6857HigJan 6, 2020
    risk 0.49cvss 7.5epss 0.02

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific…

Page 2 of 15