Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-32747
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE...
Schneider-electric Ecostruxure Cybersecurity Admin Expert
8.3
CVSSv3
CVE-2022-32748
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration too...
Schneider-electric Ecostruxure Cybersecurity Admin Expert
9.8
CVSSv3
CVE-2022-22731
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an malicious user to create or overwrite critical files that are used to execute code, such as programs or libraries and cause pa...
Schneider-electric Ecostruxure Power Commission
7.5
CVSSv3
CVE-2022-22732
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Comm...
Schneider-electric Ecostruxure Power Commission
9.8
CVSSv3
CVE-2022-0223
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an malicious user to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated ...
Schneider-electric Ecostruxure Power Commission
9.8
CVSSv3
CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxur...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Process Expert
Schneider-electric Modicon M340 Bmxp341000 Firmware -
Schneider-electric Modicon M340 Bmxp342000 Firmware -
Schneider-electric Modicon M340 Bmxp342010 Firmware -
Schneider-electric Modicon M340 Bmxp3420102 Firmware -
Schneider-electric Modicon M340 Bmxp342020 Firmware -
Schneider-electric Modicon M340 Bmxp342020h Firmware -
Schneider-electric Modicon M340 Bmxp342030 Firmware -
Schneider-electric Modicon M340 Bmxp3420302 Firmware -
Schneider-electric Modicon M340 Bmxp3420302h Firmware -
Schneider-electric Modicon M340 Bmxp342030h Firmware -
Schneider-electric Modicon M580 Bmeh582040 Firmware -
Schneider-electric Modicon M580 Bmeh582040c Firmware -
Schneider-electric Modicon M580 Bmeh582040s Firmware -
Schneider-electric Modicon M580 Bmeh584040 Firmware -
Schneider-electric Modicon M580 Bmeh584040c Firmware -
Schneider-electric Modicon M580 Bmeh584040s Firmware -
Schneider-electric Modicon M580 Bmeh586040 Firmware -
Schneider-electric Modicon M580 Bmeh586040c Firmware -
Schneider-electric Modicon M580 Bmeh586040s Firmware -
Schneider-electric Modicon M580 Bmep581020 Firmware -
7.5
CVSSv3
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions ...
Schneider-electric Somachine Hvac
Schneider-electric Ecostruxure Machine Expert - Hvac
7.5
CVSSv3
CVE-2022-0222
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Et...
Schneider-electric Modicon M340 Bmxp341000 Firmware
Schneider-electric Modicon M340 Bmxp342000 Firmware
Schneider-electric Modicon M340 Bmxp342010 Firmware
Schneider-electric Modicon M340 Bmxp3420102 Firmware
Schneider-electric Modicon M340 Bmxp342020 Firmware
Schneider-electric Modicon M340 Bmxp342020h Firmware
Schneider-electric Modicon M340 Bmxp342030 Firmware
Schneider-electric Modicon M340 Bmxp3420302 Firmware
Schneider-electric Modicon M340 Bmxp3420302h Firmware
Schneider-electric Modicon M340 Bmxp342030h Firmware
Schneider-electric Modicon M340 Bmxnoe0100 Firmware -
Schneider-electric Modicon M340 Bmxnoe0110 Firmware -
Schneider-electric Modicon M340 Bmxnoe0110h Firmware -
Schneider-electric Modicon M340 Bmxnor0200h Firmware -
7.5
CVSSv3
CVE-2022-37301
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M...
Schneider-electric Modicon M340 Bmx P34-2010 Firmware
Schneider-electric Modicon M340 Bmx P34-2030 Firmware
Schneider-electric Modicon M580 Bmeh582040 Firmware
Schneider-electric Modicon M580 Bmeh582040c Firmware
Schneider-electric Modicon M580 Bmeh582040s Firmware
Schneider-electric Modicon M580 Bmeh584040 Firmware
Schneider-electric Modicon M580 Bmeh584040c Firmware
Schneider-electric Modicon M580 Bmeh584040s Firmware
Schneider-electric Modicon M580 Bmeh586040 Firmware
Schneider-electric Modicon M580 Bmeh586040c Firmware
Schneider-electric Modicon M580 Bmeh586040s Firmware
Schneider-electric Modicon M580 Bmep581020 Firmware
Schneider-electric Modicon M580 Bmep581020h Firmware
Schneider-electric Modicon M580 Bmep582020 Firmware
Schneider-electric Modicon M580 Bmep582020h Firmware
Schneider-electric Modicon M580 Bmep582040 Firmware
Schneider-electric Modicon M580 Bmep582040h Firmware
Schneider-electric Modicon M580 Bmep582040s Firmware
Schneider-electric Modicon M580 Bmep583020 Firmware
Schneider-electric Modicon M580 Bmep583040 Firmware
Schneider-electric Modicon M580 Bmep584020 Firmware
Schneider-electric Modicon M580 Bmep584040 Firmware
7.8
CVSSv3
CVE-2022-41671
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution ...
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue 3.3
Schneider-electric Pro-face Blue
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »