Filtered by vendor Schneider-electric Subscriptions
Total 762 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-7242 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2024-11-21 N/A
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
CVE-2018-7241 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2024-11-21 N/A
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
CVE-2018-7240 1 Schneider-electric 26 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 23 more 2024-11-21 N/A
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.
CVE-2018-7239 1 Schneider-electric 13 Atv12 Dtm, Atv212 Dtm, Atv312 Dtm and 10 more 2024-11-21 N/A
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.
CVE-2018-7238 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.
CVE-2018-7237 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.1 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'
CVE-2018-7236 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 8.1 High
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.
CVE-2018-7235 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 7.5 High
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'
CVE-2018-7234 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 7.5 High
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.
CVE-2018-7233 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.
CVE-2018-7232 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.
CVE-2018-7231 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.
CVE-2018-7230 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 8.8 High
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
CVE-2018-7229 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.
CVE-2018-7228 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 9.8 Critical
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.
CVE-2018-7227 1 Schneider-electric 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more 2024-11-21 5.3 Medium
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.
CVE-2018-3693 7 Arm, Fujitsu, Intel and 4 more 230 Cortex-a, Cortex-r, M12-1 and 227 more 2024-11-21 5.6 Medium
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
CVE-2018-3639 12 Arm, Canonical, Debian and 9 more 330 Cortex-a, Ubuntu Linux, Debian Linux and 327 more 2024-11-21 5.5 Medium
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2018-2815 6 Canonical, Debian, Hp and 3 more 15 Ubuntu Linux, Debian Linux, Xp7 Command View and 12 more 2024-11-21 5.3 Medium
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2018-2814 6 Canonical, Debian, Hp and 3 more 14 Ubuntu Linux, Debian Linux, Xp7 Command View and 11 more 2024-11-21 8.3 High
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).