Latest Schneider-electric Vulnerabilities

CVE-2023-7032
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. ...
Schneider-electric Easergy Studio<=9.3.5
CVE-2023-6407
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local an...
Schneider-electric Easy Ups Online Monitoring Software<2.6-ga-01-23248
Microsoft Windows 10 1507
Microsoft Windows 10 1507
Microsoft Windows 11 21h2
Microsoft Windows 11 21h2
Microsoft Windows Server 2016
and 2 more
CVE-2023-5630
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.
Schneider-electric Eb450 Firmware
Schneider-electric Eb450
Schneider-electric Eb45e Firmware
Schneider-electric Eb45e
Schneider-electric Eh450 Firmware
Schneider-electric Eh450
and 26 more
CVE-2023-5629
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.
Schneider-electric Eb450 Firmware
Schneider-electric Eb450
Schneider-electric Eb45e Firmware
Schneider-electric Eb45e
Schneider-electric Eh450 Firmware
Schneider-electric Eh450
and 26 more
CVE-2023-6032
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates t...
Schneider-electric Galaxy Vl Firmware=12.21
Schneider-electric Galaxy Vl
Schneider-electric Galaxy Vs Firmware=6.82
Schneider-electric Galaxy Vs
CVE-2023-5987
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers ...
Schneider-electric Ecostruxure Power Monitoring Expert=2020
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_1
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_2
Schneider-electric Ecostruxure Power Monitoring Expert=2021
Schneider-electric Ecostruxure Power Monitoring Expert=2021-cumulative_update_1
CVE-2023-5986
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers ca...
Schneider-electric Ecostruxure Power Monitoring Expert=2020
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_1
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_2
Schneider-electric Ecostruxure Power Monitoring Expert=2021
Schneider-electric Ecostruxure Power Monitoring Expert=2021-cumulative_update_1
CVE-2023-5985
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system ...
Schneider-electric Ion8650 Firmware
Schneider-electric Ion8650
Schneider-electric Ion8800 Firmware
Schneider-electric Ion8800
CVE-2023-5984
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could ...
Schneider-electric Ion8650 Firmware
Schneider-electric Ion8650
Schneider-electric Ion8800 Firmware
Schneider-electric Ion8800
CVE-2023-5391
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the appli...
Schneider-electric Ecostruxure Power Monitoring Expert
Schneider-electric Ecostruxure Power Operation With Advanced Reports
Schneider-electric Ecostruxure Power Scada Operation With Advanced Reports
CVE-2023-5399
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using...
Schneider-electric Spacelogic C-bus Toolkit<1.16.4
CVE-2023-5402
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
Schneider-electric C-bus Toolkit<=1.16.3
CVE-2023-4516
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code e...
Schneider-electric Interactive Graphical Scada System<=16.0.0.23211
CVE-2023-3953
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP...
Schneider-electric Pro-face Gp-pro Ex<4.09.500
CVE-2023-29414
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local ...
Schneider-electric Accutech Manager<=2.7
CVE-2023-37199
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually ...
Schneider-electric Struxureware Data Center Expert<=7.9.3
CVE-2023-37197
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unau...
Schneider-electric Struxureware Data Center Expert<=7.9.3
CVE-2023-37198
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages....
Schneider-electric Struxureware Data Center Expert<=7.9.3
CVE-2023-37196
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauth...
Schneider-electric Struxureware Data Center Expert<=7.9.3
CVE-2023-2569
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access cr...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services
CVE-2023-2570
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a ...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services
CVE-2023-3001
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution wh...
Schneider-electric Igss Dashboard<16.0.0.23131
CVE-2023-1049
Schneider-electric Ecostruxure Operator Terminal Expert<3.3
Schneider-electric Ecostruxure Operator Terminal Expert=3.3
Schneider-electric Ecostruxure Operator Terminal Expert=3.3-sp1
Schneider-electric Pro-face Blue<3.3
Schneider-electric Pro-face Blue=3.3
Schneider-electric Pro-face Blue=3.3-sp1
CVE-2022-46680
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able...
Schneider-electric Powerlogic Ion9000 Firmware<4.0.0
Schneider-electric Powerlogic Ion9000
Schneider-electric Powerlogic Ion7400 Firmware<4.0.0
Schneider-electric Powerlogic Ion7400
Schneider-electric Powerlogic Pm8000 Firmware<4.0.0
Schneider-electric Powerlogic Pm8000
and 4 more
CVE-2023-2161
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to ...
Schneider-electric Opc Factory Server<3.63
Schneider-electric Opc Factory Server=3.63
CVE-2023-25620
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller...
Schneider-electric Modicon M580 Firmware<4.10
Schneider-electric Modicon M580
Schneider-electric Modicon M340 Firmware<3.51
Schneider-electric Modicon M340
Schneider-electric Modicon Momentum Unity M1e Processor Firmware
Schneider-electric Modicon Momentum Unity M1e Processor
and 10 more
CVE-2023-25619
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
Schneider-electric Modicon M580 Firmware<4.10
Schneider-electric Modicon M580
Schneider-electric Modicon M340 Firmware<3.51
Schneider-electric Modicon M340
Schneider-electric Modicon Momentum Unity M1e Processor Firmware
Schneider-electric Modicon Momentum Unity M1e Processor
and 8 more
CVE-2023-29410
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided ov...
Schneider-electric Insighthome Firmware<1.16
Schneider-electric Insighthome Firmware=1.16
Schneider-electric Insighthome Firmware=1.16-build_004
Schneider-electric Insighthome
Schneider-electric Insightfacility Firmware<1.16
Schneider-electric Insightfacility Firmware=1.16
and 6 more
CVE-2023-28004
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
Schneider-electric Powerlogic Hdpm6000 Firmware<=0.58.6
Schneider-electric Powerlogic Hdpm6000
CVE-2023-29413
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.
Schneider-electric Apc Easy Ups Online Monitoring Software<=2.5-ga-01-22320
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
and 1 more
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior...
Schneider-electric Apc Easy Ups Online Monitoring Software<=2.5-ga-01-22320
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
and 1 more
CVE-2023-28003
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out ...
Schneider-electric Ecostruxure Power Monitoring Expert<=2022
CVE-2023-29412
A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
Schneider-electric Apc Easy Ups Online Monitoring Software<=2.5-ga-01-22320
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
and 1 more
CVE-2023-25551
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25549
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25555
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute u...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25547
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25552
A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Devic...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciou...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25548
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25550
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname synta...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2022-43378
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are...
Schneider-electric Netbotz 355 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 355
Schneider-electric Netbotz 450 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 450
Schneider-electric Netbotz 455 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 455
and 4 more
CVE-2022-34755
A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give ...
Schneider-electric Easergy Builder Installer<=1.7.23
CVE-2022-43377
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Pro...
Schneider-electric Netbotz 355 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 355
Schneider-electric Netbotz 450 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 450
Schneider-electric Netbotz 455 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 455
and 4 more
CVE-2022-43376
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted in...
Schneider-electric Netbotz 355 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 355
Schneider-electric Netbotz 450 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 450
Schneider-electric Netbotz 455 Firmware>=4.0.0<=4.7.0
Schneider-electric Netbotz 455
and 4 more
CVE-2023-25556
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation...
Schneider-electric Merten Instabus Tastermodul 1fach System M Firmware=1.0
Schneider-electric Merten Instabus Tastermodul 1fach System M
Schneider-electric Merten Instabus Tastermodul 2fach System M Firmware=1.0
Schneider-electric Merten Instabus Tastermodul 2fach System M
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware=1.0
Schneider-electric Merten Tasterschnittstelle 4fach Plus Firmware=1.2
and 10 more
CVE-2023-27976
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Prod...
Schneider-electric Ecostruxure Control Expert>=15.1
CVE-2023-1548
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Exper...
Schneider-electric Ecostruxure Control Expert>=15.1
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would le...
Schneider-electric Custom Reports<=16.0.0.23040
Schneider-electric Igss Dashboard<=16.0.0.23040
Schneider-electric Igss Data Server<=16.0.0.23040

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203