Filtered by vendor Schneider-electric
Total: 757 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9961 | 1 Schneider-electric | 1 Pro-face Gp Pro Ex | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load an arbitrary DLL and execute arbitrary code in the context of the process. | |||||
| CVE-2018-7811 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server. | |||||
| CVE-2018-7784 | 1 Schneider-electric | 1 U.motion | 2019-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application. | |||||
| CVE-2018-1126 | 5 Canonical, Debian, Procps-ng Project and 2 more | 10 Ubuntu Linux, Debian Linux, Procps-ng and 7 more | 2019-07-30 | 7.5 HIGH | 9.8 CRITICAL |
| procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. | |||||
| CVE-2018-7839 | 1 Schneider-electric | 1 Iiot Monitor | 2019-06-07 | 2.1 LOW | 5.5 MEDIUM |
| A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure. | |||||
| CVE-2018-7832 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2019-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched. | |||||
| CVE-2018-7825 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2019-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | |||||
| CVE-2018-7826 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2019-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | |||||
| CVE-2018-7828 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2019-05-28 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera. | |||||
| CVE-2018-7780 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2019-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exists in the cgi program "set". | |||||
| CVE-2018-7829 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2019-05-24 | 9.0 HIGH | 8.8 HIGH |
| An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. | |||||
| CVE-2019-6816 | 1 Schneider-electric | 2 Modicon Quantum, Modicon Quantum Firmware | 2019-05-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. | |||||
| CVE-2018-7765 | 1 Schneider-electric | 1 U.motion Builder | 2019-05-14 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter. | |||||
| CVE-2017-9963 | 1 Schneider-electric | 1 Powerscada Anywhere | 2019-04-23 | 5.8 MEDIUM | 8.1 HIGH |
| A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | |||||
| CVE-2014-9198 | 1 Schneider-electric | 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more | 2019-04-15 | 10.0 HIGH | N/A |
| The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. | |||||
| CVE-2018-7800 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. | |||||
| CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | |||||
| CVE-2018-7797 | 1 Schneider-electric | 3 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Ecostruxure Power Scada Operation | 2019-02-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site. | |||||
| CVE-2018-7815 | 1 Schneider-electric | 1 Guicon | 2019-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file. | |||||
| CVE-2018-7813 | 1 Schneider-electric | 1 Guicon | 2019-02-07 | 6.8 MEDIUM | 7.8 HIGH |
| A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file. | |||||
