Filtered by vendor Schneider-electric Subscriptions
Total 762 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-22767 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-11-21 9.8 Critical
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276
CVE-2021-22766 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-11-21 7.5 High
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet
CVE-2021-22765 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-11-21 9.8 Critical
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet
CVE-2021-22764 1 Schneider-electric 8 Powerlogic Pm5560, Powerlogic Pm5560 Firmware, Powerlogic Pm5561 and 5 more 2024-11-21 5.3 Medium
A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.
CVE-2021-22763 1 Schneider-electric 10 Powerlogic Pm5560, Powerlogic Pm5560 Firmware, Powerlogic Pm5561 and 7 more 2024-11-21 9.8 Critical
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.
CVE-2021-22762 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.
CVE-2021-22761 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22760 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22759 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22758 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22757 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22756 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22755 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22754 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22753 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.
CVE-2021-22752 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition.
CVE-2021-22751 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.
CVE-2021-22750 1 Schneider-electric 1 Interactive Graphical Scada System 2024-11-21 7.8 High
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition.
CVE-2021-22749 1 Schneider-electric 2 Modicon X80 Bmxnor0200h Rtu, Modicon X80 Bmxnor0200h Rtu Firmware 2024-11-21 5.3 Medium
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.
CVE-2021-22748 1 Schneider-electric 1 C-bus Toolkit 2024-11-21 8.8 High
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)