Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-37198
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.
Schneider-electric Struxureware Data Center Expert
8.8
CVSSv3
CVE-2023-37196
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized act...
Schneider-electric Struxureware Data Center Expert
7.8
CVSSv3
CVE-2023-2569
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services -
7.8
CVSSv3
CVE-2023-3001
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file.
Schneider-electric Igss Dashboard
7.8
CVSSv3
CVE-2023-1049
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.
Schneider-electric Ecostruxure Operator Terminal Expert 3.3
Schneider-electric Ecostruxure Operator Terminal Expert
Schneider-electric Pro-face Blue 3.3
Schneider-electric Pro-face Blue
7.8
CVSSv3
CVE-2023-2570
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys dr...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services -
9.8
CVSSv3
CVE-2022-46680
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.
Schneider-electric Powerlogic Ion9000 Firmware
Schneider-electric Powerlogic Ion7400 Firmware
Schneider-electric Powerlogic Pm8000 Firmware
Schneider-electric Powerlogic Ion8650 Firmware -
Schneider-electric Powerlogic Ion8800 Firmware -
5.5
CVSSv3
CVE-2023-2161
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user.
Schneider-electric Opc Factory Server 3.63
Schneider-electric Opc Factory Server
6.5
CVSSv3
CVE-2023-25620
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.
Schneider-electric Modicon M580 Firmware
Schneider-electric Modicon M340 Firmware
Schneider-electric Modicon Momentum Unity M1e Processor Firmware
Schneider-electric Modicon Mc80 Firmware
Schneider-electric 140cpu65 Firmware
Schneider-electric Tsxp57 Firmware
Schneider-electric Bmep58s Firmware
Schneider-electric Bmeh58s Firmware
7.5
CVSSv3
CVE-2023-25619
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
Schneider-electric Modicon M580 Firmware
Schneider-electric Modicon M340 Firmware
Schneider-electric Modicon Momentum Unity M1e Processor Firmware
Schneider-electric Modicon Mc80 Firmware
Schneider-electric Tsxp57 Firmware
Schneider-electric Bmep58s Firmware
Schneider-electric Bmeh58s Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »