Filtered by vendor Schneider-electric
Subscriptions
Total
765 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2763 | 1 Schneider-electric | 24 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 21 more | 2025-04-11 | N/A |
| The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions. | ||||
| CVE-2013-2762 | 1 Schneider-electric | 1 Magelis Xbt Hmi | 2025-04-11 | N/A |
| The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | ||||
| CVE-2012-1990 | 1 Schneider-electric | 2 Kerweb, Kerwin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields. | ||||
| CVE-2013-0655 | 1 Schneider-electric | 1 Software Update Utility | 2025-04-11 | N/A |
| The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80. | ||||
| CVE-2013-2796 | 1 Schneider-electric | 3 Citectscada, Powerlogic Scada, Vijeo Citect | 2025-04-11 | N/A |
| Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2011-4034 | 1 Schneider-electric | 3 Citecthistorian, Citectscada Reports, Vijeo Historian | 2025-04-11 | N/A |
| Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | ||||
| CVE-2011-4033 | 1 Schneider-electric | 3 Citecthistorian, Citectscada Reports, Vijeo Historian | 2025-04-11 | N/A |
| Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2013-2761 | 1 Schneider-electric | 1 Modicon M340 | 2025-04-11 | N/A |
| The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. | ||||
| CVE-2011-4859 | 1 Schneider-electric | 21 M340 Ethernet Module Bmxnoe0100, M340 Ethernet Module Bmxnoe0110, M340 Ethernet Module Bmxp342020 and 18 more | 2025-04-11 | N/A |
| The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port. | ||||
| CVE-2023-3001 | 1 Schneider-electric | 1 Igss Dashboard | 2025-03-05 | 7.8 High |
| A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | ||||
| CVE-2022-34755 | 1 Schneider-electric | 1 Easergy Builder Installer | 2025-03-03 | 6.3 Medium |
| A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior) | ||||
| CVE-2023-25548 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-03-03 | 8.8 High |
| A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-25552 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-03-03 | 8.1 High |
| A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-25549 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-03-03 | 7.2 High |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-4516 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2025-02-27 | 7.8 High |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. | ||||
| CVE-2023-5402 | 1 Schneider-electric | 1 C-bus Toolkit | 2025-02-27 | 9.8 Critical |
| A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. | ||||
| CVE-2023-5399 | 1 Schneider-electric | 1 Spacelogic C-bus Toolkit | 2025-02-27 | 9.8 Critical |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command. | ||||
| CVE-2023-5391 | 1 Schneider-electric | 3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports | 2025-02-27 | 9.8 Critical |
| A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | ||||
| CVE-2023-25551 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-02-12 | 6.1 Medium |
| A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||
| CVE-2023-25550 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2025-02-12 | 7.2 High |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | ||||