Filtered by vendor Schneider-electric
Subscriptions
Total
795 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7969 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2025-04-20 | N/A |
| A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | ||||
| CVE-2017-9960 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. | ||||
| CVE-2016-8367 | 1 Schneider-electric | 16 Magelis Gto Advanced Optimum Panel, Magelis Gto Advanced Optimum Panel Firmware, Magelis Gtu Universal Panel and 13 more | 2025-04-20 | 5.3 Medium |
| An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack. | ||||
| CVE-2017-14024 | 1 Schneider-electric | 2 Wonderware Indusoft Web Studio, Wonderware Intouch | 2025-04-20 | N/A |
| A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges. | ||||
| CVE-2016-8354 | 1 Schneider-electric | 1 Unity Pro | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. | ||||
| CVE-2017-5155 | 1 Schneider-electric | 1 Wonderware Historian | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. | ||||
| CVE-2017-9961 | 1 Schneider-electric | 1 Pro-face Gp Pro Ex | 2025-04-20 | N/A |
| A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. | ||||
| CVE-2017-7574 | 1 Schneider-electric | 3 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware, Somachine | 2025-04-20 | 9.8 Critical |
| Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. | ||||
| CVE-2017-9957 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. | ||||
| CVE-2016-5815 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2025-04-20 | N/A |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | ||||
| CVE-2017-9956 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | ||||
| CVE-2017-6019 | 1 Schneider-electric | 2 Conext Combox 865-1058, Conext Combox 865-1058 Firmware | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot. | ||||
| CVE-2017-7974 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | ||||
| CVE-2017-8371 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-04-20 | N/A |
| Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2017-6030 | 1 Schneider-electric | 6 Modicon M221, Modicon M221 Firmware, Modicon M241 and 3 more | 2025-04-20 | 6.5 Medium |
| A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections. | ||||
| CVE-2017-9959 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. | ||||
| CVE-2016-5818 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | ||||
| CVE-2017-7966 | 1 Schneider-electric | 1 Somachine | 2025-04-20 | N/A |
| A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. | ||||
| CVE-2016-8352 | 1 Schneider-electric | 6 Connexium Firmware, Tcsefec23f3f20, Tcsefec23f3f21 and 3 more | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code. | ||||
| CVE-2017-7972 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2025-04-20 | N/A |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. | ||||