Filtered by vendor Schneider-electric
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7554 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7556 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7557 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7558 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7555 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-28219 | 1 Schneider-electric | 2 Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2020-12-16 | 2.1 LOW | 7.8 HIGH |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. | |||||
| CVE-2020-7541 | 1 Schneider-electric | 40 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 37 more | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP. | |||||
| CVE-2020-7540 | 1 Schneider-electric | 46 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 43 more | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests. | |||||
| CVE-2020-7539 | 1 Schneider-electric | 40 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 37 more | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP. | |||||
| CVE-2020-7536 | 1 Schneider-electric | 20 Bmxnoe0100, Bmxnoe0100 Firmware, Bmxnoe0110 and 17 more | 2020-12-14 | 7.8 HIGH | 7.5 HIGH |
| A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP. | |||||
| CVE-2020-7535 | 1 Schneider-electric | 42 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 39 more | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. | |||||
| CVE-2020-7549 | 1 Schneider-electric | 38 140cpu65150, 140cpu65150 Firmware, 140noc78000 and 35 more | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP. | |||||
| CVE-2020-28218 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-12-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action. | |||||
| CVE-2020-28217 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | |||||
| CVE-2020-28215 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently. | |||||
| CVE-2020-28216 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | |||||
| CVE-2020-7548 | 1 Schneider-electric | 14 Acti9 Powertag Link, Acti9 Powertag Link Firmware, Acti9 Powertag Link Hd and 11 more | 2020-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login. | |||||
| CVE-2020-7546 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2020-12-04 | 3.5 LOW | 5.4 MEDIUM |
| A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage. | |||||
| CVE-2020-7562 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2020-12-02 | 5.8 MEDIUM | 8.1 HIGH |
| A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. | |||||
| CVE-2020-7563 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2020-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. | |||||