Filtered by vendor Schneider-electric
Subscriptions
Total
753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7783 | 1 Schneider-electric | 1 Somachine Basic | 2024-09-16 | N/A |
| Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file. | ||||
| CVE-2011-4860 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2024-09-16 | N/A |
| The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. | ||||
| CVE-2017-9969 | 1 Schneider-electric | 1 Igss Mobile | 2024-09-16 | N/A |
| An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. | ||||
| CVE-2017-9964 | 1 Schneider-electric | 1 Pelco Videoxpert | 2024-09-16 | N/A |
| A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. | ||||
| CVE-2018-7236 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-09-16 | 8.1 High |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. | ||||
| CVE-2017-8371 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-09-16 | N/A |
| Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2018-7227 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-09-16 | 5.3 Medium |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker. | ||||
| CVE-2017-9961 | 1 Schneider-electric | 1 Pro-face Gp Pro Ex | 2024-09-16 | N/A |
| A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. | ||||
| CVE-2011-3144 | 2 Aveva, Schneider-electric | 3 Clearscada, Scx 67, Scx 68 | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-7974 | 1 Schneider-electric | 1 U.motion Builder | 2024-09-16 | N/A |
| A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | ||||
| CVE-2018-7771 | 1 Schneider-electric | 1 U.motion Builder | 2024-09-16 | N/A |
| The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree. | ||||
| CVE-2018-7781 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-09-16 | N/A |
| In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation. | ||||
| CVE-2018-7790 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-09-16 | 9.8 Critical |
| An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. | ||||
| CVE-2018-7782 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-09-16 | N/A |
| In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. | ||||
| CVE-2018-7789 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-09-16 | 7.5 High |
| An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames. | ||||
| CVE-2022-34765 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2024-09-16 | 5.5 Medium |
| A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | ||||
| CVE-2018-7784 | 1 Schneider-electric | 1 U.motion | 2024-09-16 | N/A |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application. | ||||
| CVE-2013-0664 | 1 Schneider-electric | 3 Modicon M340, Modicon Premium, Modicon Quantum Plc | 2024-09-16 | N/A |
| The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. | ||||
| CVE-2018-7231 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-09-16 | 9.8 Critical |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'. | ||||
| CVE-2018-7229 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-09-16 | 9.8 Critical |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials. | ||||