Filtered by vendor Schneider-electric
Subscriptions
Total
764 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37036 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2024-11-21 | 9.8 Critical |
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. | ||||
CVE-2024-2747 | 1 Schneider-electric | 1 Easergy Studio | 2024-11-21 | 7.8 High |
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine. | ||||
CVE-2024-2602 | 1 Schneider-electric | 1 Foxrtu Station | 2024-11-21 | 7.3 High |
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. | ||||
CVE-2024-0865 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-21 | 7.8 High |
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. | ||||
CVE-2023-7032 | 1 Schneider-electric | 1 Easergy Studio | 2024-11-21 | 7.8 High |
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. | ||||
CVE-2023-6407 | 2 Microsoft, Schneider-electric | 6 Windows 10 1507, Windows 11 21h2, Windows Server 2016 and 3 more | 2024-11-21 | 5.3 Medium |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. | ||||
CVE-2023-6032 | 1 Schneider-electric | 4 Galaxy Vl, Galaxy Vl Firmware, Galaxy Vs and 1 more | 2024-11-21 | 5.3 Medium |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS. | ||||
CVE-2023-5987 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-11-21 | 6.1 Medium |
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | ||||
CVE-2023-5985 | 1 Schneider-electric | 4 Ion8650, Ion8650 Firmware, Ion8800 and 1 more | 2024-11-21 | 4.8 Medium |
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values. | ||||
CVE-2023-5984 | 1 Schneider-electric | 4 Ion8650, Ion8650 Firmware, Ion8800 and 1 more | 2024-11-21 | 7.2 High |
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. | ||||
CVE-2023-5630 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-11-21 | 6.5 Medium |
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. | ||||
CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-11-21 | 8.2 High |
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | ||||
CVE-2023-5402 | 1 Schneider-electric | 1 C-bus Toolkit | 2024-11-21 | 9.8 Critical |
A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. | ||||
CVE-2023-5399 | 1 Schneider-electric | 1 Spacelogic C-bus Toolkit | 2024-11-21 | 9.8 Critical |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command. | ||||
CVE-2023-5391 | 1 Schneider-electric | 3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports | 2024-11-21 | 9.8 Critical |
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | ||||
CVE-2023-4516 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 7.8 High |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. | ||||
CVE-2023-3953 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2024-11-21 | 5.3 Medium |
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. | ||||
CVE-2023-3001 | 1 Schneider-electric | 1 Igss Dashboard | 2024-11-21 | 7.8 High |
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | ||||
CVE-2023-37199 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | 6.8 Medium |
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored. | ||||
CVE-2023-37198 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | 6.8 Medium |
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages. |