Filtered by vendor Schneider-electric Subscriptions
Total 765 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-25551 1 Schneider-electric 1 Struxureware Data Center Expert 2025-02-12 6.1 Medium
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
CVE-2023-25550 1 Schneider-electric 1 Struxureware Data Center Expert 2025-02-12 7.2 High
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
CVE-2023-25554 1 Schneider-electric 1 Struxureware Data Center Expert 2025-02-12 7.8 High
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
CVE-2023-25547 1 Schneider-electric 1 Struxureware Data Center Expert 2025-02-12 8.8 High
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
CVE-2018-7841 1 Schneider-electric 1 U.motion Builder 2025-02-07 9.8 Critical
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
CVE-2023-25555 1 Schneider-electric 1 Struxureware Data Center Expert 2025-02-05 5.6 Medium
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
CVE-2023-25553 1 Schneider-electric 1 Struxureware Data Center Expert 2025-02-05 6.1 Medium
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)
CVE-2023-28003 1 Schneider-electric 1 Ecostruxure Power Monitoring Expert 2025-02-05 6.7 Medium
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
CVE-2023-29411 2 Microsoft, Schneider-electric 7 Windows 10, Windows 11, Windows Server 2016 and 4 more 2025-02-05 9.8 Critical
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.
CVE-2023-25556 1 Schneider-electric 14 Merten Instabus Tastermodul 1fach System M, Merten Instabus Tastermodul 1fach System M Firmware, Merten Instabus Tastermodul 2fach System M and 11 more 2025-02-05 8.3 High
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.
CVE-2023-1548 1 Schneider-electric 1 Ecostruxure Control Expert 2025-02-05 5.5 Medium
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above)
CVE-2023-27976 1 Schneider-electric 1 Ecostruxure Control Expert 2025-02-05 8.8 High
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)
CVE-2023-29412 2 Microsoft, Schneider-electric 7 Windows 10, Windows 11, Windows Server 2016 and 4 more 2025-02-05 9.8 Critical
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
CVE-2023-29413 2 Microsoft, Schneider-electric 7 Windows 10, Windows 11, Windows Server 2016 and 4 more 2025-02-05 7.5 High
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.
CVE-2023-29410 1 Schneider-electric 6 Conext Gateway, Conext Gateway Firmware, Insightfacility and 3 more 2025-02-05 7.2 High
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.
CVE-2022-43377 1 Schneider-electric 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more 2025-02-05 7.5 High
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
CVE-2022-32513 1 Schneider-electric 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more 2025-02-05 9.8 Critical
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)
CVE-2022-32514 1 Schneider-electric 12 5500ac2, 5500ac2 Firmware, 5500nac and 9 more 2025-02-05 9.8 Critical
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)
CVE-2022-32522 1 Schneider-electric 1 Interactive Graphical Scada System 2025-02-05 9.8 Critical
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
CVE-2022-32523 1 Schneider-electric 1 Interactive Graphical Scada System 2025-02-05 9.8 Critical
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)