Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-32747
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE...
Schneider-electric Ecostruxure Cybersecurity Admin Expert
NA
CVE-2022-22732
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Comm...
Schneider-electric Ecostruxure Power Commission
NA
CVE-2022-32521
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)
Schneider-electric Data Center Expert
NA
CVE-2022-32524
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSd...
Schneider-electric Interactive Graphical Scada System
NA
CVE-2022-32529
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSda...
Schneider-electric Interactive Graphical Scada System
NA
CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxur...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Process Expert
Schneider-electric Modicon M340 Bmxp341000 Firmware -
Schneider-electric Modicon M340 Bmxp342000 Firmware -
Schneider-electric Modicon M340 Bmxp342010 Firmware -
Schneider-electric Modicon M340 Bmxp3420102 Firmware -
Schneider-electric Modicon M340 Bmxp342020 Firmware -
Schneider-electric Modicon M340 Bmxp342020h Firmware -
Schneider-electric Modicon M340 Bmxp342030 Firmware -
Schneider-electric Modicon M340 Bmxp3420302 Firmware -
Schneider-electric Modicon M340 Bmxp3420302h Firmware -
Schneider-electric Modicon M340 Bmxp342030h Firmware -
Schneider-electric Modicon M580 Bmeh582040 Firmware -
Schneider-electric Modicon M580 Bmeh582040c Firmware -
Schneider-electric Modicon M580 Bmeh582040s Firmware -
Schneider-electric Modicon M580 Bmeh584040 Firmware -
Schneider-electric Modicon M580 Bmeh584040c Firmware -
Schneider-electric Modicon M580 Bmeh584040s Firmware -
Schneider-electric Modicon M580 Bmeh586040 Firmware -
Schneider-electric Modicon M580 Bmeh586040c Firmware -
Schneider-electric Modicon M580 Bmeh586040s Firmware -
Schneider-electric Modicon M580 Bmep581020 Firmware -
NA
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions ...
Schneider-electric Somachine Hvac
Schneider-electric Ecostruxure Machine Expert - Hvac
NA
CVE-2022-0222
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Et...
Schneider-electric Modicon M340 Bmxp341000 Firmware
Schneider-electric Modicon M340 Bmxp342000 Firmware
Schneider-electric Modicon M340 Bmxp342010 Firmware
Schneider-electric Modicon M340 Bmxp3420102 Firmware
Schneider-electric Modicon M340 Bmxp342020 Firmware
Schneider-electric Modicon M340 Bmxp342020h Firmware
Schneider-electric Modicon M340 Bmxp342030 Firmware
Schneider-electric Modicon M340 Bmxp3420302 Firmware
Schneider-electric Modicon M340 Bmxp3420302h Firmware
Schneider-electric Modicon M340 Bmxp342030h Firmware
Schneider-electric Modicon M340 Bmxnoe0100 Firmware -
Schneider-electric Modicon M340 Bmxnoe0110 Firmware -
Schneider-electric Modicon M340 Bmxnoe0110h Firmware -
Schneider-electric Modicon M340 Bmxnor0200h Firmware -
NA
CVE-2022-37301
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M...
Schneider-electric Modicon M340 Bmx P34-2010 Firmware
Schneider-electric Modicon M340 Bmx P34-2030 Firmware
Schneider-electric Modicon M580 Bmeh582040 Firmware
Schneider-electric Modicon M580 Bmeh582040c Firmware
Schneider-electric Modicon M580 Bmeh582040s Firmware
Schneider-electric Modicon M580 Bmeh584040 Firmware
Schneider-electric Modicon M580 Bmeh584040c Firmware
Schneider-electric Modicon M580 Bmeh584040s Firmware
Schneider-electric Modicon M580 Bmeh586040 Firmware
Schneider-electric Modicon M580 Bmeh586040c Firmware
Schneider-electric Modicon M580 Bmeh586040s Firmware
Schneider-electric Modicon M580 Bmep581020 Firmware
Schneider-electric Modicon M580 Bmep581020h Firmware
Schneider-electric Modicon M580 Bmep582020 Firmware
Schneider-electric Modicon M580 Bmep582020h Firmware
Schneider-electric Modicon M580 Bmep582040 Firmware
Schneider-electric Modicon M580 Bmep582040h Firmware
Schneider-electric Modicon M580 Bmep582040s Firmware
Schneider-electric Modicon M580 Bmep583020 Firmware
Schneider-electric Modicon M580 Bmep583040 Firmware
Schneider-electric Modicon M580 Bmep584020 Firmware
Schneider-electric Modicon M580 Bmep584040 Firmware
NA
CVE-2022-41671
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution ...
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue 3.3
Schneider-electric Pro-face Blue
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »