Skip to main content

Schneider Electric

174 CVEs vendor

Monthly

CVE-2023-29413 HIGH PATCH This Week

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Authentication Bypass Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-7524 HIGH This Week

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Denial Of Service Memory Corruption Modicon M218 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7523 HIGH This Week

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus. Rated high severity (CVSS 7.8). No vendor patch available.

Schneider Electric Privilege Escalation Modbus Driver Suite Modbus Serial Driver
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7520 MEDIUM PATCH This Month

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

Schneider Electric Microsoft Open Redirect Software Update Utility
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2019-10953 HIGH This Week

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Denial Of Service Abb Schneider Electric
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2018-7799 HIGH This Week

A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Software Update Utility
NVD
CVSS 3.0
7.8
EPSS
2.8%
CVE-2018-7792 HIGH This Week

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2018-7791 CRITICAL Act Now

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2018-7790 CRITICAL Act Now

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2018-7795 MEDIUM This Month

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS Java Powerlogic Pm5560 Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2018-7789 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2018-7787 MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-7786 MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS U Motion Builder
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7785 CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Command Injection U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-7784 CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-7783 HIGH This Week

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XXE Somachine Basic
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-7782 HIGH This Week

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-7781 HIGH This Week

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Privilege Escalation Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-7780 CRITICAL Act Now

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-7779 HIGH This Week

In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Homelynk Firmware Spacelynk Firmware Wiser For Knx Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-7778 CRITICAL Act Now

In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Evlink Charging Station Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-7777 HIGH POC THREAT This Week

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP U Motion Builder
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
31.8%
CVE-2018-7776 MEDIUM This Month

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-7774 HIGH This Week

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7773 HIGH This Week

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7772 HIGH This Week

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7771 HIGH This Week

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
8.0
EPSS
1.4%
CVE-2018-7770 MEDIUM This Month

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-7769 HIGH This Week

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7768 HIGH This Week

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7767 HIGH This Week

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7766 HIGH This Week

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7765 HIGH POC This Week

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-7764 MEDIUM This Month

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-7763 MEDIUM This Month

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-8872 HIGH This Week

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Schneider Electric Buffer Overflow Triconex Tricon Mp 3008 Firmware
NVD
CVSS 3.0
8.1
EPSS
2.3%
CVE-2018-7522 MEDIUM This Month

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Triconex Tricon Mp 3008 Firmware
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-7762 HIGH This Week

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-7761 CRITICAL Act Now

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-7760 CRITICAL Act Now

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-7759 HIGH This Week

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-7758 MEDIUM This Month

A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Denial Of Service Micom P141 Firmware Micom P142 Firmware Micom P143 Firmware +20
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-7246 CRITICAL Act Now

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure 66074 Mge Network Management Card Transverse
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2018-7245 CRITICAL Act Now

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass 66074 Mge Network Management Card Transverse
NVD
CVSS 3.0
9.1
EPSS
1.3%
CVE-2018-7244 MEDIUM This Month

An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure 66074 Mge Network Management Card Transverse
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-7243 CRITICAL Act Now

An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass 66074 Mge Network Management Card Transverse
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-7242 CRITICAL Act Now

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-7241 CRITICAL Act Now

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-7240 HIGH This Week

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow RCE Denial Of Service Memory Corruption +13
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-7239 HIGH This Week

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Atv Lift Dtm Atv12 Dtm Atv212 Dtm +10
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-7238 CRITICAL PATCH Act Now

A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Schneider Electric RCE Buffer Overflow Mps110 1 Firmware Imps110 1Er Firmware +18
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2018-7237 CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2018-7236 HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Schneider Electric Authentication Bypass Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2018-7235 HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-7234 HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2018-7233 CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2018-7232 CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2018-7231 CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2018-7230 HIGH PATCH This Week

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric XXE Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-7229 CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Schneider Electric Authentication Bypass Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2018-7228 CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Schneider Electric Authentication Bypass Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2018-7227 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Schneider Electric Authentication Bypass Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2017-14024 CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Schneider Electric Wonderware Indusoft Web Studio Wonderware Intouch
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2017-13997 CRITICAL Act Now

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Wonderware Indusoft Web Studio Wonderware Intouch
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-9962 HIGH This Week

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Clearscada
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-9961 HIGH This Week

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric Pro Face Gp Pro Ex
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9960 MEDIUM This Month

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-9959 MEDIUM This Month

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric U Motion Builder
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-9958 HIGH This Week

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric U Motion Builder
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-9957 CRITICAL Act Now

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-9956 HIGH This Week

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-7974 CRITICAL Act Now

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Schneider Electric RCE U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2017-7973 CRITICAL Act Now

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-7972 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-7971 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7970 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-7969 HIGH PATCH This Week

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Schneider Electric Powerscada Anywhere Citect Anywhere
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-9631 HIGH This Week

A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Schneider Electric Wonderware Archestra Logger
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2017-9629 CRITICAL Act Now

A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

Buffer Overflow RCE Schneider Electric Stack Overflow Wonderware Archestra Logger
NVD
CVSS 3.1
9.8
EPSS
19.7%
CVE-2017-9627 HIGH This Week

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Wonderware Archestra Logger
NVD
CVSS 3.1
8.6
EPSS
2.3%
CVE-2017-6034 CRITICAL Act Now

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2017-6032 MEDIUM This Month

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Modbus Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-6030 MEDIUM This Month

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-6028 CRITICAL Act Now

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Modicon M241 Firmware Modicon M251 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2017-6026 CRITICAL POC THREAT Emergency

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Schneider Electric Information Disclosure Modicon M251 Firmware Modicon M241 Firmware
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
18.6%
CVE-2017-6017 HIGH This Week

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Bmxnoc0401 Firmware Bmxnoe0100 Firmware Bmxnoe0110 Firmware +12
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2017-7966 HIGH This Week

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Schneider Electric Somachine
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-7965 HIGH This Week

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Somachine Hvac
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2017-7968 HIGH This Week

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Privilege Escalation Wonderware Indusoft Web Studio
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-7907 MEDIUM This Month

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Schneider Electric Wonderware Historian Client
NVD
CVSS 3.0
6.6
EPSS
0.1%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Authentication Bypass Apc Easy Ups Online Monitoring Software +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus. Rated high severity (CVSS 7.8). No vendor patch available.

Schneider Electric Privilege Escalation Modbus Driver Suite +1
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

Schneider Electric Microsoft Open Redirect +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Denial Of Service Abb +1
NVD VulDB GitHub
EPSS 3% CVSS 7.8
HIGH This Week

A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Software Update Utility
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS Java +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Modicon M221 Firmware
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS U Motion Builder
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Command Injection +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XXE Somachine Basic
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Imps110 1 Firmware +19
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Privilege Escalation Imps110 1 Firmware +19
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Imps110 1 Firmware +19
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Homelynk Firmware +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Evlink Charging Station Firmware
NVD
EPSS 32% CVSS 8.8
HIGH POC THREAT This Week

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP +1
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
EPSS 1% CVSS 8.0
HIGH This Week

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Schneider Electric Buffer Overflow Triconex Tricon Mp 3008 Firmware
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Triconex Tricon Mp 3008 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware +56
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Bmxnor0200 Firmware +56
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware +56
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware +56
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Denial Of Service Micom P141 Firmware +22
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure 66074 Mge Network Management Card Transverse
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass 66074 Mge Network Management Card Transverse
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure 66074 Mge Network Management Card Transverse
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass 66074 Mge Network Management Card Transverse
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Bmxnor0200 Firmware +56
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware +56
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow RCE +15
NVD
EPSS 3% CVSS 7.8
HIGH This Week

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Atv Lift Dtm +12
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Schneider Electric RCE Buffer Overflow +20
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware +19
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Schneider Electric Authentication Bypass Mps110 1 Firmware +19
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware +19
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware +19
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware +19
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware +19
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware +19
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric XXE Mps110 1 Firmware +19
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Schneider Electric Authentication Bypass Mps110 1 Firmware +19
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Schneider Electric Authentication Bypass Mps110 1 Firmware +19
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Schneider Electric Authentication Bypass Mps110 1 Firmware +19
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Schneider Electric +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Wonderware Indusoft Web Studio +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Clearscada
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric Pro Face Gp Pro Ex
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric U Motion Builder
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Schneider Electric U Motion Builder
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric U Motion Builder
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Schneider Electric +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Schneider Electric Information Disclosure Powerscada Anywhere +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Schneider Electric Powerscada Anywhere +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Schneider Electric +1
NVD
EPSS 20% CVSS 9.8
CRITICAL Act Now

A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

Buffer Overflow RCE Schneider Electric +2
NVD
EPSS 2% CVSS 8.6
HIGH This Week

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Wonderware Archestra Logger
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Modbus Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Modicon M241 Firmware +1
NVD
EPSS 19% CVSS 9.1
CRITICAL POC THREAT Emergency

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Schneider Electric Information Disclosure Modicon M251 Firmware +1
NVD Exploit-DB
EPSS 5% CVSS 7.5
HIGH This Week

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Bmxnoc0401 Firmware +14
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Schneider Electric Somachine
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Somachine Hvac
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Schneider Electric Privilege Escalation Wonderware Indusoft Web Studio
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Schneider Electric +1
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy