Filtered by vendor Schneider-electric
Subscribe
Total
675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7841 | 1 Schneider-electric | 1 U.motion Builder | 2019-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. | |||||
| CVE-2018-7765 | 1 Schneider-electric | 1 U.motion Builder | 2019-05-14 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter. | |||||
| CVE-2017-9963 | 1 Schneider-electric | 1 Powerscada Anywhere | 2019-04-23 | 5.8 MEDIUM | 8.1 HIGH |
| A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | |||||
| CVE-2014-9198 | 1 Schneider-electric | 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more | 2019-04-15 | 10.0 HIGH | N/A |
| The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. | |||||
| CVE-2018-7800 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. | |||||
| CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | |||||
| CVE-2018-7797 | 1 Schneider-electric | 3 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Ecostruxure Power Scada Operation | 2019-02-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site. | |||||
| CVE-2018-7815 | 1 Schneider-electric | 1 Guicon | 2019-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file | |||||
| CVE-2018-7813 | 1 Schneider-electric | 1 Guicon | 2019-02-07 | 6.8 MEDIUM | 7.8 HIGH |
| A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file | |||||
| CVE-2018-7836 | 1 Schneider-electric | 1 Iiot Monitor | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. | |||||
| CVE-2018-7837 | 1 Schneider-electric | 1 Iiot Monior | 2019-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. | |||||
| CVE-2018-7835 | 1 Schneider-electric | 1 Iiot Monior | 2019-02-01 | 7.8 HIGH | 7.5 HIGH |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. | |||||
| CVE-2018-7796 | 1 Schneider-electric | 1 Powersuite 2 | 2019-01-11 | 6.8 MEDIUM | 6.3 MEDIUM |
| A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. | |||||
| CVE-2011-3143 | 2 Aveva, Schneider-electric | 3 Clearscada, Scx 67, Scx 68 | 2018-12-31 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. | |||||
| CVE-2014-5413 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2018-12-31 | 5.0 MEDIUM | N/A |
| Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | |||||
| CVE-2014-5412 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2018-12-31 | 5.0 MEDIUM | N/A |
| Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. | |||||
| CVE-2014-5411 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2018-12-31 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3144 | 2 Aveva, Schneider-electric | 3 Clearscada, Scx 67, Scx 68 | 2018-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-7806 | 1 Schneider-electric | 1 Struxureware Data Center Operation | 2018-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | |||||
| CVE-2018-7807 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2018-12-28 | 6.5 MEDIUM | 8.8 HIGH |
| Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | |||||