| CVE-2022-0715 |
critical |
9.1 |
9.1 |
|
|
schneider-electric |
4y ago |
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected… |
| CVE-2021-22779 |
critical |
9.1 |
9.1 |
|
|
schneider-electric |
5y ago |
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoS… |
| CVE-2021-22768 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
5y ago |
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executi… |
| CVE-2021-22767 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
5y ago |
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executi… |
| CVE-2021-22765 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
5y ago |
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executi… |
| CVE-2021-22763 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
5y ago |
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for… |
| CVE-2020-7489 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
6y ago |
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming … |
| CVE-2018-7791 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
8y ago |
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows una… |
| CVE-2018-7790 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
8y ago |
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized user… |
| CVE-2017-14024 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The … |
| CVE-2017-13997 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio pro… |
| CVE-2017-9957 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can … |
| CVE-2017-7974 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and… |
| CVE-2017-7973 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of… |
| CVE-2017-9629 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identi… |
| CVE-2017-6034 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which … |
| CVE-2017-7575 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus p… |
| CVE-2017-7574 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized… |
| CVE-2017-5178 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is insta… |
| CVE-2016-5818 |
critical |
9.8 |
9.8 |
|
|
schneider-electric |
9y ago |
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. |
| CVE-2015-7921 |
critical |
9.1 |
9.1 |
|
|
schneider-electric |
10y ago |
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for re… |
| CVE-2015-0999 |
low |
— |
2.1 |
|
|
avevaschneider-electric |
11y ago |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allow… |
| CVE-2015-0998 |
low |
— |
3.3 |
|
|
avevaschneider-electric |
11y ago |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain s… |
| CVE-2015-0996 |
low |
— |
2.1 |
|
|
avevaschneider-electric |
11y ago |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project … |
| CVE-2014-9190 |
critical |
— |
10.0 |
|
|
schneider-electric |
12y ago |
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not … |
| CVE-2014-8511 |
critical |
— |
10.0 |
|
|
schneider-electric |
12y ago |
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability tha… |
| CVE-2013-0662 |
critical |
— |
10.0 |
EXP |
|
schneider-electricschneider_electric |
12y ago |
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a … |
| CVE-2013-3075 |
critical |
— |
10.0 |
EXP |
|
mitsubishi-automationschneider-electric |
13y ago |
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code … |
| CVE-2013-0658 |
critical |
— |
10.0 |
EXP |
|
schneider-electric |
14y ago |
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. |
| CVE-2013-0657 |
critical |
— |
10.0 |
EXP |
|
schneider-electric |
14y ago |
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does n… |
| CVE-2013-0655 |
critical |
— |
9.3 |
|
|
schneider-electric |
14y ago |
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and conseq… |
| CVE-2011-4861 |
critical |
— |
10.0 |
|
|
schneider-electric |
15y ago |
The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updat… |
| CVE-2011-4860 |
critical |
— |
10.0 |
|
|
schneider-electric |
15y ago |
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing… |
| CVE-2011-4859 |
critical |
— |
10.0 |
|
|
schneider-electric |
15y ago |
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB… |
| CVE-2011-4034 |
critical |
— |
10.0 |
EXP |
|
schneider-electric |
15y ago |
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allo… |
| CVE-2011-3143 |
critical |
— |
10.0 |
|
|
avevaschneider-electric |
15y ago |
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of serv… |
