Filtered by vendor Schneider-electric
Subscriptions
Total
805 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6865 | 1 Schneider-electric | 2 Easylogic T150, Saitel Dp | 2026-05-13 | N/A |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path Traversal”) vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing. | ||||
| CVE-2026-6866 | 1 Schneider-electric | 1 Ecostruxure Panel Server | 2026-05-13 | N/A |
| CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials. | ||||
| CVE-2025-13845 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2026-04-27 | 7.8 High |
| CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody. | ||||
| CVE-2026-2403 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | 4.3 Medium |
| CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload. | ||||
| CVE-2026-2402 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | 5.3 Medium |
| CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints. | ||||
| CVE-2026-2401 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | 5.0 Medium |
| CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker. | ||||
| CVE-2026-2400 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | 4.3 Medium |
| CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload. | ||||
| CVE-2026-2399 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | 6.1 Medium |
| CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload. | ||||
| CVE-2026-2404 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | 5.3 Medium |
| CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. | ||||
| CVE-2026-2405 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-22 | 6.5 Medium |
| CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests. | ||||
| CVE-2026-1227 | 1 Schneider-electric | 2 Ecostruxure Building Operation Webstation, Ecostruxure Building Operation Workstation | 2026-04-17 | N/A |
| CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation. | ||||
| CVE-2026-1226 | 1 Schneider-electric | 2 Ecostruxure Building Operation Webstation, Ecostruxure Building Operation Workstation | 2026-04-17 | N/A |
| CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file. | ||||
| CVE-2026-4832 | 1 Schneider-electric | 25 Easergy P14x, Easergy P24x, Easergy P341 and 22 more | 2026-04-17 | N/A |
| CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. | ||||
| CVE-2026-1286 | 1 Schneider-electric | 1 Foxboro Dcs | 2026-04-17 | N/A |
| CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file. | ||||
| CVE-2026-2273 | 1 Schneider-electric | 1 Ecostruxure Automation Expert | 2026-04-17 | N/A |
| CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of the subsequent system when an authenticated user opens a malicious project file. | ||||
| CVE-2024-8530 | 1 Schneider-electric | 1 Data Center Expert | 2026-04-15 | 5.9 Medium |
| CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. | ||||
| CVE-2025-8453 | 1 Schneider-electric | 2 Saitel Dp, Saitel Dr | 2026-04-15 | 6.7 Medium |
| CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts. | ||||
| CVE-2025-9996 | 1 Schneider-electric | 1 Blmon | 2026-04-15 | N/A |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session. | ||||
| CVE-2024-8933 | 1 Schneider-electric | 3 Modicon M340, Modicon Mc80, Modicon Momentum Unity M1e Processor | 2026-04-15 | 7.5 High |
| CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller. | ||||
| CVE-2025-5296 | 1 Schneider-electric | 1 Software Update Utility | 2026-04-15 | 7.3 High |
| CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder. | ||||