Filtered by vendor Schneider-electric
Subscriptions
Total
781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7971 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2025-04-20 | N/A |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | ||||
| CVE-2017-9961 | 1 Schneider-electric | 1 Pro-face Gp Pro Ex | 2025-04-20 | N/A |
| A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. | ||||
| CVE-2017-7970 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2025-04-20 | N/A |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. | ||||
| CVE-2017-7575 | 1 Schneider-electric | 2 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware | 2025-04-20 | N/A |
| Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded. | ||||
| CVE-2017-7969 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2025-04-20 | N/A |
| A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | ||||
| CVE-2016-5818 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | ||||
| CVE-2017-7968 | 1 Schneider-electric | 1 Wonderware Indusoft Web Studio | 2025-04-20 | N/A |
| An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges. | ||||
| CVE-2017-6028 | 1 Schneider-electric | 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more | 2025-04-20 | 9.8 Critical |
| An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. | ||||
| CVE-2017-6019 | 1 Schneider-electric | 2 Conext Combox 865-1058, Conext Combox 865-1058 Firmware | 2025-04-20 | N/A |
| An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot. | ||||
| CVE-2017-9958 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | ||||
| CVE-2017-7967 | 1 Schneider-electric | 1 Vampset | 2025-04-20 | N/A |
| All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol. | ||||
| CVE-2017-7574 | 1 Schneider-electric | 3 Modicon Tm221ce16r, Modicon Tm221ce16r Firmware, Somachine | 2025-04-20 | 9.8 Critical |
| Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product. | ||||
| CVE-2016-5815 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2025-04-20 | N/A |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | ||||
| CVE-2017-9957 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. | ||||
| CVE-2017-7966 | 1 Schneider-electric | 1 Somachine | 2025-04-20 | N/A |
| A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. | ||||
| CVE-2017-9956 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | ||||
| CVE-2017-9960 | 1 Schneider-electric | 1 U.motion Builder | 2025-04-20 | N/A |
| An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. | ||||
| CVE-2016-8367 | 1 Schneider-electric | 16 Magelis Gto Advanced Optimum Panel, Magelis Gto Advanced Optimum Panel Firmware, Magelis Gtu Universal Panel and 13 more | 2025-04-20 | 5.3 Medium |
| An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack. | ||||
| CVE-2017-7689 | 1 Schneider-electric | 2 Homelynk Controller Lss100100, Homelynk Controller Lss100100 Firmware | 2025-04-20 | 9.8 Critical |
| A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | ||||
| CVE-2016-8374 | 1 Schneider-electric | 16 Magelis Gto Advanced Optimum Panel, Magelis Gto Advanced Optimum Panel Firmware, Magelis Gtu Universal Panel and 13 more | 2025-04-20 | 7.5 High |
| An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION. | ||||