Filtered by vendor Schneider-electric
Subscriptions
Total
753 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6407 | 2 Microsoft, Schneider-electric | 6 Windows 10 1507, Windows 11 21h2, Windows Server 2016 and 3 more | 2024-08-02 | 5.3 Medium |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. | ||||
CVE-2023-6032 | 1 Schneider-electric | 4 Galaxy Vl, Galaxy Vl Firmware, Galaxy Vs and 1 more | 2024-08-02 | 5.3 Medium |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS. | ||||
CVE-2023-5986 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-08-02 | 8.2 High |
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. | ||||
CVE-2023-5984 | 1 Schneider-electric | 4 Ion8650, Ion8650 Firmware, Ion8800 and 1 more | 2024-08-02 | 7.2 High |
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. | ||||
CVE-2023-5987 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-08-02 | 6.1 Medium |
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | ||||
CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-08-02 | 8.2 High |
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | ||||
CVE-2023-5630 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-08-02 | 6.5 Medium |
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. | ||||
CVE-2023-5399 | 1 Schneider-electric | 1 Spacelogic C-bus Toolkit | 2024-08-02 | 9.8 Critical |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command. | ||||
CVE-2023-5391 | 1 Schneider-electric | 3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports | 2024-08-02 | 9.8 Critical |
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | ||||
CVE-2023-5402 | 1 Schneider-electric | 1 C-bus Toolkit | 2024-08-02 | 9.8 Critical |
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. | ||||
CVE-2023-4516 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-08-02 | 7.8 High |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. | ||||
CVE-2023-3953 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2024-08-02 | 5.3 Medium |
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. | ||||
CVE-2023-3001 | 1 Schneider-electric | 1 Igss Dashboard | 2024-08-02 | 7.8 High |
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | ||||
CVE-2023-2570 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-08-02 | 7 High |
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver. | ||||
CVE-2023-2569 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-08-02 | 7.8 High |
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||||
CVE-2023-2161 | 1 Schneider-electric | 1 Opc Factory Server | 2024-08-02 | 5 Medium |
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. | ||||
CVE-2023-1548 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-08-02 | 5.5 Medium |
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) | ||||
CVE-2023-1049 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2024-08-02 | 7.8 High |
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI. | ||||
CVE-2023-0595 | 1 Schneider-electric | 4 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 and 1 more | 2024-08-02 | 5.3 Medium |
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions) | ||||
CVE-2024-37040 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-08-02 | 5.4 Medium |
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. |