Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected pr...
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25555
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWar...
Schneider-electric Struxureware Data Center Expert
NA
CVE-2022-43378
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 a...
Schneider-electric Netbotz 355 Firmware
Schneider-electric Netbotz 450 Firmware
Schneider-electric Netbotz 455 Firmware
Schneider-electric Netbotz 550 Firmware
Schneider-electric Netbotz 570 Firmware
NA
CVE-2023-28003
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an malicious user to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
Schneider-electric Ecostruxure Power Monitoring Expert
NA
CVE-2022-34755
A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation proce...
Schneider-electric Easergy Builder Installer
NA
CVE-2022-43376
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7...
Schneider-electric Netbotz 355 Firmware
Schneider-electric Netbotz 450 Firmware
Schneider-electric Netbotz 455 Firmware
Schneider-electric Netbotz 550 Firmware
Schneider-electric Netbotz 570 Firmware
NA
CVE-2022-43377
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
Schneider-electric Netbotz 355 Firmware
Schneider-electric Netbotz 450 Firmware
Schneider-electric Netbotz 455 Firmware
Schneider-electric Netbotz 550 Firmware
Schneider-electric Netbotz 570 Firmware
NA
CVE-2023-25556
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.
Schneider-electric Merten Instabus Tastermodul 1fach System M Firmware 1.0
Schneider-electric Merten Instabus Tastermodul 2fach System M Firmware 1.0
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware 1.0
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware 1.2
Schneider-electric Merten Knx Argus 180\\/2\\,20m Up System Firmware 1.0
Schneider-electric Merten Jalousie-\\/schaltaktor Reg-k\\/8x\\/16x\\/10 M. Hb Firmware 1.0
Schneider-electric Merten Knx Uni-dimmaktor Ll Reg-k\\/2x230\\/300 W Firmware 1.0
Schneider-electric Merten Knx Uni-dimmaktor Ll Reg-k\\/2x230\\/300 W Firmware 1.1
Schneider-electric Merten Knx Schaltakt.2x6a Up M.2 Eing. Firmware 0.1
NA
CVE-2023-1548
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above)
Schneider-electric Ecostruxure Control Expert
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »