Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28004
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
Schneider-electric Powerlogic Hdpm6000 Firmware
NA
CVE-2023-29410
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated malicious user to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.
Schneider-electric Insighthome Firmware
Schneider-electric Insighthome Firmware 1.16
Schneider-electric Insightfacility Firmware
Schneider-electric Insightfacility Firmware 1.16
Schneider-electric Conext Gateway Firmware
Schneider-electric Conext Gateway Firmware 1.16
NA
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.
Schneider-electric Apc Easy Ups Online Monitoring Software
Schneider-electric Easy Ups Online Monitoring Software
NA
CVE-2023-29412
A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
Schneider-electric Apc Easy Ups Online Monitoring Software
Schneider-electric Easy Ups Online Monitoring Software
NA
CVE-2023-29413
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.
Schneider-electric Apc Easy Ups Online Monitoring Software
Schneider-electric Easy Ups Online Monitoring Software
NA
CVE-2022-43378
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 a...
Schneider-electric Netbotz 355 Firmware
Schneider-electric Netbotz 450 Firmware
Schneider-electric Netbotz 455 Firmware
Schneider-electric Netbotz 550 Firmware
Schneider-electric Netbotz 570 Firmware
NA
CVE-2023-28003
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an malicious user to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
Schneider-electric Ecostruxure Power Monitoring Expert
NA
CVE-2023-25547
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25548
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
NA
CVE-2023-25549
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
Schneider-electric Struxureware Data Center Expert
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »