| CVE-2026-6332 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
20d ago |
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of … |
| CVE-2021-22788 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
4y ago |
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modic… |
| CVE-2021-22787 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
4y ago |
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affe… |
| CVE-2021-22785 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
4y ago |
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server … |
| CVE-2020-7534 |
high |
8.8 |
8.8 |
|
|
schneider-electric |
4y ago |
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user … |
| CVE-2021-22792 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
5y ago |
A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted proj… |
| CVE-2021-22766 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
5y ago |
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafte… |
| CVE-2021-22713 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
5y ago |
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security … |
| CVE-2021-22703 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
5y ago |
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affec… |
| CVE-2021-22702 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
5y ago |
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notifica… |
| CVE-2020-7566 |
high |
7.3 |
7.3 |
|
|
schneider-electric |
6y ago |
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured t… |
| CVE-2020-7565 |
high |
7.3 |
7.3 |
|
|
schneider-electric |
6y ago |
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured … |
| CVE-2020-28209 |
high |
7.0 |
7.0 |
|
|
schneider-electric |
6y ago |
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any… |
| CVE-2020-7564 |
high |
8.8 |
8.8 |
|
|
schneider-electric |
6y ago |
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their C… |
| CVE-2020-7563 |
high |
8.8 |
8.8 |
|
|
schneider-electric |
6y ago |
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)… |
| CVE-2020-7562 |
high |
8.1 |
8.1 |
|
|
schneider-electric |
6y ago |
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) … |
| CVE-2020-7488 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
6y ago |
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 cont… |
| CVE-2020-7477 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
6y ago |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethern… |
| CVE-2019-6857 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
7y ago |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … |
| CVE-2019-6856 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
7y ago |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … |
| CVE-2018-7794 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
7y ago |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) … |
| CVE-2019-6852 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
7y ago |
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication mo… |
| CVE-2019-6829 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
7y ago |
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service… |
| CVE-2019-6820 |
high |
8.2 |
8.2 |
|
|
schneider-electric |
7y ago |
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a speci… |
| CVE-2019-6819 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
7y ago |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the produ… |
| CVE-2018-7852 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
7y ago |
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private … |
| CVE-2018-7821 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
7y ago |
An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flood… |
| CVE-2019-10953 |
high |
7.5 |
7.5 |
|
|
abbphoenixcontactschneider-electric |
7y ago |
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due … |
| CVE-2018-7798 |
high |
8.2 |
8.2 |
|
|
schneider-electric |
8y ago |
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when… |
| CVE-2018-7792 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
8y ago |
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows una… |
| CVE-2018-7789 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
8y ago |
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability … |
| CVE-2017-9961 |
high |
7.8 |
7.8 |
|
|
schneider-electric |
9y ago |
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. B… |
| CVE-2017-9958 |
high |
7.8 |
7.8 |
|
|
schneider-electric |
9y ago |
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attac… |
| CVE-2017-9956 |
high |
7.3 |
7.3 |
|
|
schneider-electric |
9y ago |
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use t… |
| CVE-2017-7969 |
high |
8.8 |
8.8 |
|
|
schneider-electric |
9y ago |
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2… |
| CVE-2017-9631 |
high |
7.5 |
7.5 |
|
|
schneider-electric |
9y ago |
A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attack… |
| CVE-2017-9627 |
high |
8.6 |
8.6 |
|
|
schneider-electric |
9y ago |
An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability co… |
| CVE-2017-7966 |
high |
8.8 |
8.8 |
|
|
schneider-electric |
9y ago |
A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability ex… |
| CVE-2017-7965 |
high |
7.3 |
7.3 |
|
|
schneider-electric |
9y ago |
A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. |
| CVE-2017-7968 |
high |
7.8 |
7.8 |
|
|
schneider-electric |
9y ago |
An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a… |
| CVE-2017-6033 |
high |
7.8 |
7.8 |
|
|
schneider-electric |
9y ago |
A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is na… |
| CVE-2017-5155 |
high |
7.3 |
7.3 |
|
|
schneider-electric |
9y ago |
An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compr… |
| CVE-2016-8354 |
high |
7.0 |
7.0 |
|
|
schneider-electric |
9y ago |
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instru… |
| CVE-2016-2290 |
high |
8.8 |
8.8 |
|
|
schneider-electric |
10y ago |
Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrar… |
| CVE-2015-0999 |
low |
— |
2.1 |
|
|
avevaschneider-electric |
11y ago |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allow… |
| CVE-2015-0998 |
low |
— |
3.3 |
|
|
avevaschneider-electric |
11y ago |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain s… |
| CVE-2015-0996 |
low |
— |
2.1 |
|
|
avevaschneider-electric |
11y ago |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project … |
| CVE-2015-0982 |
high |
— |
7.5 |
|
|
schneider-electric |
11y ago |
Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2014-9200 |
high |
— |
7.5 |
|
|
schneider-electric |
12y ago |
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANope… |
| CVE-2013-2824 |
high |
— |
7.8 |
|
|
schneider-electric |
12y ago |
Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogi… |
| CVE-2011-3330 |
high |
— |
7.2 |
|
|
schneider-electric |
15y ago |
Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 an… |
