Filtered by vendor Schneider-electric
Subscriptions
Total
753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7845 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-08-05 | 7.5 High |
| A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus. | ||||
| CVE-2018-7850 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-08-05 | 5.3 Medium |
| A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software. | ||||
| CVE-2018-7842 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-08-05 | 9.8 Critical |
| A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. | ||||
| CVE-2018-7837 | 1 Schneider-electric | 1 Iiot Monior | 2024-08-05 | N/A |
| An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. | ||||
| CVE-2018-7829 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-08-05 | N/A |
| An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. | ||||
| CVE-2018-7847 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-08-05 | 9.8 Critical |
| A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus. | ||||
| CVE-2018-7832 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2024-08-05 | N/A |
| An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. | ||||
| CVE-2018-7828 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-08-05 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera. | ||||
| CVE-2018-7830 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-08-05 | N/A |
| Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request. | ||||
| CVE-2018-7838 | 1 Schneider-electric | 36 Bmeh582040, Bmeh582040 Firmware, Bmeh582040c and 33 more | 2024-08-05 | 7.5 High |
| A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service. | ||||
| CVE-2018-7809 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-08-05 | N/A |
| An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. | ||||
| CVE-2018-7825 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-08-05 | N/A |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | ||||
| CVE-2018-7814 | 1 Schneider-electric | 1 Guicon | 2024-08-05 | N/A |
| A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file | ||||
| CVE-2018-7826 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-08-05 | N/A |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | ||||
| CVE-2018-7827 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-08-05 | N/A |
| A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session. | ||||
| CVE-2018-7801 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2024-08-05 | 8.8 High |
| A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. | ||||
| CVE-2018-7810 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-08-05 | N/A |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on. | ||||
| CVE-2018-7817 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-08-05 | N/A |
| A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file. | ||||
| CVE-2018-7798 | 1 Schneider-electric | 2 Modicon M221, Somachine Basic | 2024-08-05 | 8.2 High |
| A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. | ||||
| CVE-2018-7815 | 1 Schneider-electric | 1 Guicon | 2024-08-05 | N/A |
| A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file | ||||