Filtered by vendor Schneider-electric Subscriptions
Total 765 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-32529 1 Schneider-electric 1 Interactive Graphical Scada System 2025-02-05 9.8 Critical
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-24324 1 Schneider-electric 1 Interactive Graphical Scada System 2025-02-05 9.8 Critical
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
CVE-2022-2329 1 Schneider-electric 1 Interactive Graphical Scada System 2025-02-05 9.8 Critical
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
CVE-2022-42970 2 Microsoft, Schneider-electric 8 Windows 10, Windows 11, Windows 7 and 5 more 2025-02-05 9.8 Critical
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2022-42971 2 Microsoft, Schneider-electric 8 Windows 10, Windows 11, Windows 7 and 5 more 2025-02-05 9.8 Critical
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
CVE-2022-0223 1 Schneider-electric 1 Ecostruxure Power Commission 2025-02-05 6.5 Medium
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
CVE-2022-22731 1 Schneider-electric 1 Ecostruxure Power Commission 2025-02-05 6.5 Medium
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
CVE-2022-22732 1 Schneider-electric 1 Ecostruxure Power Commission 2025-02-05 3.9 Low
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
CVE-2022-2988 1 Schneider-electric 2 Ecostruxure Machine Expert - Hvac, Somachine Hvac 2025-02-05 4.3 Medium
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0)
CVE-2022-32512 1 Schneider-electric 1 Canbrass 2025-02-05 5.3 Medium
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)
CVE-2022-32515 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2025-02-05 8.6 High
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions)
CVE-2022-32516 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2025-02-05 7.5 High
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)
CVE-2022-32517 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2025-02-05 6.5 Medium
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)
CVE-2022-32518 1 Schneider-electric 1 Data Center Expert 2025-02-05 8 High
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)
CVE-2022-32519 1 Schneider-electric 1 Data Center Expert 2025-02-05 8 High
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)
CVE-2022-32520 1 Schneider-electric 1 Data Center Expert 2025-02-05 8 High
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)
CVE-2022-32521 1 Schneider-electric 1 Data Center Expert 2025-02-05 7.1 High
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)
CVE-2022-32528 1 Schneider-electric 1 Interactive Graphical Scada System 2025-02-05 8.6 High
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-32747 1 Schneider-electric 1 Ecostruxure Cybersecurity Admin Expert 2025-02-05 8 High
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
CVE-2022-32748 1 Schneider-electric 1 Ecostruxure Cybersecurity Admin Expert 2025-02-05 7.9 High
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)