Latest Schneider-electric Vulnerabilities

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. ...
Schneider-electric Easergy Studio<=9.3.5
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local an...
Schneider-electric Easy Ups Online Monitoring Software<2.6-ga-01-23248
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 11 21h2
Microsoft Windows 11 21h2
Microsoft Windows Server 2016
and 2 more
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.
Schneider-electric Eb450 Firmware
Schneider-electric Eb450
Schneider-electric Eb45e Firmware
Schneider-electric Eb45e
Schneider-electric Eh450 Firmware
Schneider-electric Eh450
and 26 more
A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.
Schneider-electric Eb450 Firmware
Schneider-electric Eb450
Schneider-electric Eb45e Firmware
Schneider-electric Eb45e
Schneider-electric Eh450 Firmware
Schneider-electric Eh450
and 26 more
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates t...
Schneider-electric Galaxy Vl Firmware=12.21
Schneider-electric Galaxy Vl
Schneider-electric Galaxy Vs Firmware=6.82
Schneider-electric Galaxy Vs
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists that could lead to a cross-site scripting condition where attackers ...
Schneider-electric Ecostruxure Power Monitoring Expert=2020
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_1
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_2
Schneider-electric Ecostruxure Power Monitoring Expert=2021
Schneider-electric Ecostruxure Power Monitoring Expert=2021-cumulative_update_1
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers ca...
Schneider-electric Ecostruxure Power Monitoring Expert=2020
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_1
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_2
Schneider-electric Ecostruxure Power Monitoring Expert=2021
Schneider-electric Ecostruxure Power Monitoring Expert=2021-cumulative_update_1
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system ...
Schneider-electric Ion8650 Firmware
Schneider-electric Ion8650
Schneider-electric Ion8800 Firmware
Schneider-electric Ion8800
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could ...
Schneider-electric Ion8650 Firmware
Schneider-electric Ion8650
Schneider-electric Ion8800 Firmware
Schneider-electric Ion8800
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using...
Schneider-electric Spacelogic C-bus Toolkit<1.16.4
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the appli...
Schneider-electric Ecostruxure Power Monitoring Expert
Schneider-electric Ecostruxure Power Operation With Advanced Reports
Schneider-electric Ecostruxure Power Scada Operation With Advanced Reports
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
Schneider-electric C-bus Toolkit<=1.16.3
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code e...
Schneider-electric Interactive Graphical Scada System<=16.0.0.23211
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP...
Schneider-electric Pro-face Gp-pro Ex<4.09.500
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local ...
Schneider-electric Accutech Manager<=2.7
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually ...
Schneider-electric Struxureware Data Center Expert<=7.9.3
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauth...
Schneider-electric Struxureware Data Center Expert<=7.9.3
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages....
Schneider-electric Struxureware Data Center Expert<=7.9.3
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unau...
Schneider-electric Struxureware Data Center Expert<=7.9.3
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a ...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution wh...
Schneider-electric Igss Dashboard<16.0.0.23131
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access cr...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services
Schneider-electric Ecostruxure Operator Terminal Expert<3.3
Schneider-electric Ecostruxure Operator Terminal Expert=3.3
Schneider-electric Ecostruxure Operator Terminal Expert=3.3-sp1
Schneider-electric Pro-face Blue<3.3
Schneider-electric Pro-face Blue=3.3
Schneider-electric Pro-face Blue=3.3-sp1
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able...
Schneider-electric Powerlogic Ion9000 Firmware<4.0.0
Schneider-electric Powerlogic Ion9000
Schneider-electric Powerlogic Ion7400 Firmware<4.0.0
Schneider-electric Powerlogic Ion7400
Schneider-electric Powerlogic Pm8000 Firmware<4.0.0
Schneider-electric Powerlogic Pm8000
and 4 more
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to ...
Schneider-electric Opc Factory Server<3.63
Schneider-electric Opc Factory Server=3.63
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller...
Schneider-electric Modicon M580 Firmware<4.10
Schneider-electric Modicon M580
Schneider-electric Modicon M340 Firmware<3.51
Schneider-electric Modicon M340
Schneider-electric Modicon Momentum Unity M1e Processor Firmware
Schneider-electric Modicon Momentum Unity M1e Processor
and 10 more
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
Schneider-electric Modicon M580 Firmware<4.10
Schneider-electric Modicon M580
Schneider-electric Modicon M340 Firmware<3.51
Schneider-electric Modicon M340
Schneider-electric Modicon Momentum Unity M1e Processor Firmware
Schneider-electric Modicon Momentum Unity M1e Processor
and 8 more
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided ov...
Schneider-electric Insighthome Firmware<1.16
Schneider-electric Insighthome Firmware=1.16
Schneider-electric Insighthome Firmware=1.16-build_004
Schneider-electric Insighthome
Schneider-electric Insightfacility Firmware<1.16
Schneider-electric Insightfacility Firmware=1.16
and 6 more
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
Schneider-electric Powerlogic Hdpm6000 Firmware<=0.58.6
Schneider-electric Powerlogic Hdpm6000
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior...
Schneider-electric Apc Easy Ups Online Monitoring Software<=2.5-ga-01-22320
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
and 1 more
A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
Schneider-electric Apc Easy Ups Online Monitoring Software<=2.5-ga-01-22320
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
and 1 more
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.
Schneider-electric Apc Easy Ups Online Monitoring Software<=2.5-ga-01-22320
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
and 1 more
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out ...
Schneider-electric Ecostruxure Power Monitoring Expert<=2022
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute u...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname synta...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Devic...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciou...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are...
Schneider-electric Netbotz 355 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 355
Schneider-electric Netbotz 450 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 450
Schneider-electric Netbotz 455 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 455
and 4 more
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Pro...
Schneider-electric Netbotz 355 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 355
Schneider-electric Netbotz 450 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 450
Schneider-electric Netbotz 455 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 455
and 4 more
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted in...
Schneider-electric Netbotz 355 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 355
Schneider-electric Netbotz 450 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 450
Schneider-electric Netbotz 455 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 455
and 4 more
A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give ...
Schneider-electric Easergy Builder Installer<=1.7.23
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation...
Schneider-electric Merten Instabus Tastermodul 1fach System M Firmware=1.0
Schneider-electric Merten Instabus Tastermodul 1fach System M
Schneider-electric Merten Instabus Tastermodul 2fach System M Firmware=1.0
Schneider-electric Merten Instabus Tastermodul 2fach System M
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware=1.0
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware=1.2
and 10 more
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Prod...
Schneider-electric Ecostruxure Control Expert>=15.1
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Exper...
Schneider-electric Ecostruxure Control Expert>=15.1
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would le...
Schneider-electric Custom Reports<=16.0.0.23040
Schneider-electric Igss Dashboard<=16.0.0.23040
Schneider-electric Igss Data Server<=16.0.0.23040
