Filtered by vendor Schneider-electric Subscriptions
Total 762 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-7521 1 Schneider-electric 1 Apc Easy Ups Online Software 2024-11-21 9.8 Critical
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.
CVE-2020-7520 1 Schneider-electric 1 Software Update Utility 2024-11-21 4.7 Medium
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit.
CVE-2020-7519 1 Schneider-electric 1 Easergy Builder 2024-11-21 7.5 High
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.
CVE-2020-7518 1 Schneider-electric 1 Easergy Builder 2024-11-21 7.5 High
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.
CVE-2020-7517 1 Schneider-electric 1 Easergy Builder 2024-11-21 5.5 Medium
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
CVE-2020-7516 1 Schneider-electric 1 Easergy Builder 2024-11-21 7.8 High
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.
CVE-2020-7515 1 Schneider-electric 1 Easergy Builder 2024-11-21 7.8 High
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.
CVE-2020-7514 1 Schneider-electric 1 Easergy Builder 2024-11-21 7.8 High
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.
CVE-2020-7513 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.5 High
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.
CVE-2020-7512 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 9.8 Critical
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.
CVE-2020-7511 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.5 High
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.
CVE-2020-7510 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.5 High
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.
CVE-2020-7509 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.2 High
A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.
CVE-2020-7508 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 9.8 Critical
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.
CVE-2020-7507 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.5 High
A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.
CVE-2020-7506 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.5 High
A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.
CVE-2020-7505 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 7.2 High
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.
CVE-2020-7504 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 5.3 Medium
A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.
CVE-2020-7503 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 8.8 High
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.
CVE-2020-7502 1 Schneider-electric 2 Modicon M218, Modicon M218 Firmware 2024-11-21 7.5 High
A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller.