Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-5987
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a pag...
Schneider-electric Ecostruxure Power Monitoring Expert 2020
Schneider-electric Ecostruxure Power Monitoring Expert 2021
5.3
CVSSv3
CVE-2023-6032
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.
Schneider-electric Galaxy Vl Firmware 12.21
Schneider-electric Galaxy Vs Firmware 6.82
9.8
CVSSv3
CVE-2023-5391
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an malicious user to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.
Schneider-electric Ecostruxure Power Scada Operation With Advanced Reports
Schneider-electric Ecostruxure Power Operation With Advanced Reports
Schneider-electric Ecostruxure Power Monitoring Expert
9.8
CVSSv3
CVE-2023-5399
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command.
Schneider-electric Spacelogic C-bus Toolkit
9.8
CVSSv3
CVE-2023-5402
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
Schneider-electric C-bus Toolkit
7.8
CVSSv3
CVE-2023-4516
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local malicious user to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content.
Schneider-electric Interactive Graphical Scada System
5.3
CVSSv3
CVE-2023-3953
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.
Schneider-electric Pro-face Gp-pro Ex
7.8
CVSSv3
CVE-2023-29414
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call.
Schneider-electric Accutech Manager
7.2
CVSSv3
CVE-2023-37199
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.
Schneider-electric Struxureware Data Center Expert
8.8
CVSSv3
CVE-2023-37196
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized act...
Schneider-electric Struxureware Data Center Expert
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »