Filtered by vendor Schneider-electric
Total: 753 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37037 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-08-02 | 8.1 High |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. |
CVE-2024-37039 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-08-02 | 5.9 Medium |
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. |
CVE-2024-37038 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-08-02 | 7.5 High |
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. |
CVE-2024-6528 | 1 Schneider-electric | 10 Modicon Lmc058, Modicon Lmc058 Firmware, Modicon M241 and 7 more | 2024-08-01 | 5.4 Medium |
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. |
CVE-2024-6407 | 1 Schneider-electric | 2 Whc-5918a, Whc-5918a Firmware | 2024-08-01 | 9.8 Critical |
CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device. |
CVE-2024-5681 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-08-01 | 7.8 High |
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. |
CVE-2024-5680 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-08-01 | 7.1 High |
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. |
CVE-2024-5557 | 1 Schneider-electric | 4 Spacelogic As-b, Spacelogic As-b Firmware, Spacelogic As-p and 1 more | 2024-08-01 | 4.5 Medium |
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. |
CVE-2024-5679 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-08-01 | 7.1 High |
CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. |
CVE-2024-5560 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-08-01 | 5.3 Medium |
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. |
CVE-2024-5558 | 1 Schneider-electric | 4 Spacelogic As-b, Spacelogic As-b Firmware, Spacelogic As-p and 1 more | 2024-08-01 | 6.4 Medium |
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. |
CVE-2024-2602 | 1 Schneider-electric | 1 Foxrtu Station | 2024-08-01 | 7.3 High |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. |
CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-08-01 | 7.8 High |
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. |