Filtered by vendor Schneider-electric
Subscribe
Total
757 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5313 | 1 Schneider-electric | 2 Evlink Home, Evlink Home Firmware | 2024-08-14 | N/A | 6.5 MEDIUM |
| CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts to perform a potential denial of service attack on the exposed SSH interface. | |||||
| CVE-2013-2763 | 1 Schneider-electric | 24 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 21 more | 2024-08-06 | 5.0 MEDIUM | N/A |
| The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions. | |||||
| CVE-2021-22767 | 1 Schneider-electric | 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more | 2024-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276 | |||||
| CVE-2021-22765 | 1 Schneider-electric | 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more | 2024-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet | |||||
| CVE-2021-22766 | 1 Schneider-electric | 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more | 2024-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet | |||||
| CVE-2021-22768 | 1 Schneider-electric | 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more | 2024-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767 | |||||
| CVE-2022-26507 | 2 Att, Schneider-electric | 9 Xmill, Ecostruxure Control Expert, Ecostruxure Process Expert and 6 more | 2024-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-37038 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-07-25 | N/A | 8.8 HIGH |
| CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. | |||||
| CVE-2024-37037 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-07-25 | N/A | 8.1 HIGH |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. | |||||
| CVE-2024-37039 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-07-25 | N/A | 7.5 HIGH |
| CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. | |||||
| CVE-2024-37040 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-07-25 | N/A | 8.1 HIGH |
| CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. | |||||
| CVE-2024-5558 | 1 Schneider-electric | 4 Spacelogic As-b, Spacelogic As-b Firmware, Spacelogic As-p and 1 more | 2024-07-25 | N/A | 6.4 MEDIUM |
| CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. | |||||
| CVE-2024-5557 | 1 Schneider-electric | 4 Spacelogic As-b, Spacelogic As-b Firmware, Spacelogic As-p and 1 more | 2024-07-25 | N/A | 4.5 MEDIUM |
| CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. | |||||
| CVE-2024-5560 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-07-25 | N/A | 7.5 HIGH |
| CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. | |||||
| CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-07-19 | N/A | 7.8 HIGH |
| CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | |||||
| CVE-2024-2602 | 1 Schneider-electric | 1 Foxrtu Station | 2024-07-12 | N/A | 7.8 HIGH |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. | |||||
| CVE-2024-5680 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-07-12 | N/A | 5.5 MEDIUM |
| CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | |||||
| CVE-2024-5679 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-07-12 | N/A | 7.1 HIGH |
| CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | |||||
| CVE-2024-5681 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-07-12 | N/A | 7.8 HIGH |
| CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | |||||
| CVE-2024-6528 | 1 Schneider-electric | 10 Modicon Lmc058, Modicon Lmc058 Firmware, Modicon M241 and 7 more | 2024-07-12 | N/A | 6.1 MEDIUM |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | |||||