Latest Schneider-electric Vulnerabilities

CVE-2024-6407
CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.
Schneider-electric Whc-5918a Firmware
Schneider-electric Whc-5918a
CVE-2024-6528
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where att...
Schneider-electric Modicon M241 Firmware
Schneider-electric Modicon M241
Schneider-electric Modicon M251 Firmware
Schneider-electric Modicon M251
Schneider-electric Modicon M258 Firmware
Schneider-electric Modicon M258
and 4 more
CVE-2024-2602
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved proje...
Schneider-electric Foxrtu Station<9.3.0
CVE-2024-5681
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access cr...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services<=9.8
CVE-2024-5680
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in t...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services<=9.8
CVE-2024-5679
CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL c...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services<=9.8
CVE-2024-0865
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
Schneider-electric Ecostruxure It Gateway<1.21.0
CVE-2024-37040
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device wh...
Schneider-electric Sage Rtu Firmware<c3414-500-s02k5_p9
Schneider-electric Sage 1410
Schneider-electric Sage 1430
Schneider-electric Sage 1450
Schneider-electric Sage 2400
Schneider-electric Sage 3030 Magnum
and 1 more
CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.
Schneider-electric Sage Rtu Firmware<c3414-500-s02k5_p9
Schneider-electric Sage 1410
Schneider-electric Sage 1430
Schneider-electric Sage 1450
Schneider-electric Sage 2400
Schneider-electric Sage 3030 Magnum
and 1 more
CVE-2024-37038
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when craf...
Schneider-electric Sage Rtu Firmware<c3414-500-s02k5_p9
Schneider-electric Sage 1410
Schneider-electric Sage 1430
Schneider-electric Sage 1450
Schneider-electric Sage 2400
Schneider-electric Sage 3030 Magnum
and 1 more
CVE-2024-37037
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt ...
Schneider-electric Sage Rtu Firmware<c3414-500-s02k5_p9
Schneider-electric Sage 1410
Schneider-electric Sage 1430
Schneider-electric Sage 1450
Schneider-electric Sage 2400
Schneider-electric Sage 3030 Magnum
and 1 more
CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.
Schneider-electric Sage Rtu Firmware<c3414-500-s02k5_p9
Schneider-electric Sage 1410
Schneider-electric Sage 1430
Schneider-electric Sage 1450
Schneider-electric Sage 2400
Schneider-electric Sage 3030 Magnum
and 1 more
CVE-2024-5557
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs.
Schneider-electric Spacelogic As-b Firmware<6.0.1
Schneider-electric Spacelogic As-b
Schneider-electric Spacelogic As-p Firmware<6.0.1
Schneider-electric Spacelogic As-p
CVE-2024-5558
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.
Schneider-electric Spacelogic As-b Firmware<6.0.1
Schneider-electric Spacelogic As-b
Schneider-electric Spacelogic As-p Firmware<6.0.1
Schneider-electric Spacelogic As-p
CVE-2023-7032
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. ...
Schneider-electric Easergy Studio<=9.3.5
CVE-2023-6407
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local an...
Schneider-electric Easy Ups Online Monitoring Software<2.6-ga-01-23248
Microsoft Windows 10 1507
Microsoft Windows 10 1507
Microsoft Windows 11 21h2
Microsoft Windows 11 21h2
Microsoft Windows Server 2016
and 2 more
CVE-2023-5630
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.
Schneider-electric Eb450 Firmware
Schneider-electric Eb450
Schneider-electric Eb45e Firmware
Schneider-electric Eb45e
Schneider-electric Eh450 Firmware
Schneider-electric Eh450
and 26 more
CVE-2023-5629
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.
Schneider-electric Eb450 Firmware
Schneider-electric Eb450
Schneider-electric Eb45e Firmware
Schneider-electric Eb45e
Schneider-electric Eh450 Firmware
Schneider-electric Eh450
and 26 more
CVE-2023-6032
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates t...
Schneider-electric Galaxy Vl Firmware=12.21
Schneider-electric Galaxy Vl
Schneider-electric Galaxy Vs Firmware=6.82
Schneider-electric Galaxy Vs
CVE-2023-5987
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers ...
Schneider-electric Ecostruxure Power Monitoring Expert=2020
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_1
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_2
Schneider-electric Ecostruxure Power Monitoring Expert=2021
Schneider-electric Ecostruxure Power Monitoring Expert=2021-cumulative_update_1
CVE-2023-5986
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers ca...
Schneider-electric Ecostruxure Power Monitoring Expert=2020
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_1
Schneider-electric Ecostruxure Power Monitoring Expert=2020-cumulative_update_2
Schneider-electric Ecostruxure Power Monitoring Expert=2021
Schneider-electric Ecostruxure Power Monitoring Expert=2021-cumulative_update_1
CVE-2023-5985
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system ...
Schneider-electric Ion8650 Firmware
Schneider-electric Ion8650
Schneider-electric Ion8800 Firmware
Schneider-electric Ion8800
CVE-2023-5984
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could ...
Schneider-electric Ion8650 Firmware
Schneider-electric Ion8650
Schneider-electric Ion8800 Firmware
Schneider-electric Ion8800
CVE-2023-5391
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the appli...
Schneider-electric Ecostruxure Power Monitoring Expert
Schneider-electric Ecostruxure Power Operation With Advanced Reports
Schneider-electric Ecostruxure Power Scada Operation With Advanced Reports
CVE-2023-5399
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using...
Schneider-electric Spacelogic C-bus Toolkit<1.16.4
CVE-2023-5402
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.
Schneider-electric C-bus Toolkit<=1.16.3
CVE-2023-4516
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code e...
Schneider-electric Interactive Graphical Scada System<=16.0.0.23211
CVE-2023-3953
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP...
Schneider-electric Pro-face Gp-pro Ex<4.09.500
CVE-2023-29414
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local ...
Schneider-electric Accutech Manager<=2.7
CVE-2023-37199
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually ...
Schneider-electric Struxureware Data Center Expert<=7.9.3
CVE-2023-37197
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unau...
Schneider-electric Struxureware Data Center Expert<=7.9.3
CVE-2023-37198
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages....
Schneider-electric Struxureware Data Center Expert<=7.9.3
CVE-2023-37196
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauth...
Schneider-electric Struxureware Data Center Expert<=7.9.3
CVE-2023-2569
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access cr...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services
CVE-2023-3001
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution wh...
Schneider-electric Igss Dashboard<16.0.0.23131
CVE-2023-2570
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a ...
Schneider-electric Ecostruxure Foxboro Dcs Control Core Services
CVE-2023-1049
Schneider-electric Ecostruxure Operator Terminal Expert<3.3
Schneider-electric Ecostruxure Operator Terminal Expert=3.3
Schneider-electric Ecostruxure Operator Terminal Expert=3.3-sp1
Schneider-electric Pro-face Blue<3.3
Schneider-electric Pro-face Blue=3.3
Schneider-electric Pro-face Blue=3.3-sp1
CVE-2022-46680
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able...
Schneider-electric Powerlogic Ion9000 Firmware<4.0.0
Schneider-electric Powerlogic Ion9000
Schneider-electric Powerlogic Ion7400 Firmware<4.0.0
Schneider-electric Powerlogic Ion7400
Schneider-electric Powerlogic Pm8000 Firmware<4.0.0
Schneider-electric Powerlogic Pm8000
and 4 more
CVE-2023-2161
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to ...
Schneider-electric Opc Factory Server<3.63
Schneider-electric Opc Factory Server=3.63
CVE-2023-25620
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller...
Schneider-electric Modicon M580 Firmware<4.10
Schneider-electric Modicon M580
Schneider-electric Modicon M340 Firmware<3.51
Schneider-electric Modicon M340
Schneider-electric Modicon Momentum Unity M1e Processor Firmware
Schneider-electric Modicon Momentum Unity M1e Processor
and 10 more
CVE-2023-25619
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
Schneider-electric Modicon M580 Firmware<4.10
Schneider-electric Modicon M580
Schneider-electric Modicon M340 Firmware<3.51
Schneider-electric Modicon M340
Schneider-electric Modicon Momentum Unity M1e Processor Firmware
Schneider-electric Modicon Momentum Unity M1e Processor
and 8 more
CVE-2023-29410
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided ov...
Schneider-electric Insighthome Firmware<1.16
Schneider-electric Insighthome Firmware=1.16
Schneider-electric Insighthome Firmware=1.16-build_004
Schneider-electric Insighthome
Schneider-electric Insightfacility Firmware<1.16
Schneider-electric Insightfacility Firmware=1.16
and 6 more
CVE-2023-28004
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
Schneider-electric Powerlogic Hdpm6000 Firmware<=0.58.6
Schneider-electric Powerlogic Hdpm6000
CVE-2023-29413
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.
Schneider-electric Apc Easy Ups Online Monitoring Software<=2.5-ga-01-22320
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
and 1 more
CVE-2023-28003
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out ...
Schneider-electric Ecostruxure Power Monitoring Expert<=2022
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior...
Schneider-electric Apc Easy Ups Online Monitoring Software<=2.5-ga-01-22320
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
and 1 more
CVE-2023-25551
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25549
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. ...
Schneider-electric Struxureware Data Center Expert<=7.9.2
CVE-2023-25548
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user...
Schneider-electric Struxureware Data Center Expert<=7.9.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203