Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Schneider-electric Subscribe
Total 675 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22803 1 Schneider-electric 1 Interactive Graphical Scada System Data Collector 2022-02-18 7.5 HIGH 9.8 CRITICAL
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
CVE-2021-22804 1 Schneider-electric 1 Interactive Graphical Scada System Data Collector 2022-02-18 5.0 MEDIUM 7.5 HIGH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
CVE-2021-22800 1 Schneider-electric 2 Modicon M218, Modicon M218 Firmware 2022-02-18 5.0 MEDIUM 7.5 HIGH
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)
CVE-2022-24318 1 Schneider-electric 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 2022-02-16 5.0 MEDIUM 7.5 HIGH
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CVE-2022-24317 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2022-02-16 5.0 MEDIUM 7.5 HIGH
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24313 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2022-02-16 7.5 HIGH 9.8 CRITICAL
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24312 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2022-02-16 7.5 HIGH 9.8 CRITICAL
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24311 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2022-02-16 7.5 HIGH 9.8 CRITICAL
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24310 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2022-02-16 7.5 HIGH 9.8 CRITICAL
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24321 1 Schneider-electric 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 2022-02-16 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CVE-2022-22812 1 Schneider-electric 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more 2022-02-16 4.3 MEDIUM 6.1 MEDIUM
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
CVE-2022-22810 1 Schneider-electric 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more 2022-02-16 5.0 MEDIUM 9.8 CRITICAL
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
CVE-2021-22817 1 Schneider-electric 73 Hmibmiea5dd1001, Hmibmiea5dd1001 Firmware, Hmibmiea5dd100a and 70 more 2022-02-16 4.6 MEDIUM 7.8 HIGH
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)
CVE-2022-24316 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2022-02-15 5.0 MEDIUM 7.5 HIGH
A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24315 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2022-02-15 5.0 MEDIUM 7.5 HIGH
A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2022-24314 1 Schneider-electric 1 Interactive Graphical Scada System Data Server 2022-02-15 5.0 MEDIUM 7.5 HIGH
A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CVE-2014-0754 1 Schneider-electric 86 171ccc96020, 171ccc96020 Firmware, 171ccc96020c and 83 more 2022-02-10 10.0 HIGH N/A
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
CVE-2017-7574 1 Schneider-electric 3 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware, Somachine 2022-02-09 7.5 HIGH 9.8 CRITICAL
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.
CVE-2022-22804 1 Schneider-electric 1 Ecostruxure Power Monitoring Expert 2022-02-09 3.5 LOW 5.4 MEDIUM
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)
CVE-2022-22726 1 Schneider-electric 1 Ecostruxure Power Monitoring Expert 2022-02-09 4.0 MEDIUM 6.5 MEDIUM
A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)