Filtered by vendor Schneider-electric Subscriptions
Total 764 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-37197 1 Schneider-electric 1 Struxureware Data Center Expert 2024-11-21 8.8 High
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.
CVE-2023-37196 1 Schneider-electric 1 Struxureware Data Center Expert 2024-11-21 8.8 High
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.
CVE-2023-2570 1 Schneider-electric 1 Ecostruxure Foxboro Dcs Control Core Services 2024-11-21 7 High
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver.
CVE-2023-2569 1 Schneider-electric 1 Ecostruxure Foxboro Dcs Control Core Services 2024-11-21 7.8 High
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
CVE-2023-2161 1 Schneider-electric 1 Opc Factory Server 2024-11-21 5 Medium
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. 
CVE-2023-29414 1 Schneider-electric 1 Accutech Manager 2024-11-21 7.8 High
A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call.
CVE-2023-29413 2 Microsoft, Schneider-electric 7 Windows 10, Windows 11, Windows Server 2016 and 4 more 2024-11-21 7.5 High
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.
CVE-2023-29412 2 Microsoft, Schneider-electric 7 Windows 10, Windows 11, Windows Server 2016 and 4 more 2024-11-21 9.8 Critical
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
CVE-2023-29411 2 Microsoft, Schneider-electric 7 Windows 10, Windows 11, Windows Server 2016 and 4 more 2024-11-21 9.8 Critical
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.
CVE-2023-29410 1 Schneider-electric 6 Conext Gateway, Conext Gateway Firmware, Insightfacility and 3 more 2024-11-21 7.2 High
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.
CVE-2023-28004 1 Schneider-electric 2 Powerlogic Hdpm6000, Powerlogic Hdpm6000 Firmware 2024-11-21 9.8 Critical
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
CVE-2023-28003 1 Schneider-electric 1 Ecostruxure Power Monitoring Expert 2024-11-21 6.7 Medium
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
CVE-2023-27984 1 Schneider-electric 3 Custom Reports, Igss Dashboard, Igss Data Server 2024-11-21 7.8 High
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
CVE-2023-27983 1 Schneider-electric 3 Custom Reports, Igss Dashboard, Igss Data Server 2024-11-21 6.5 Medium
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
CVE-2023-27982 1 Schneider-electric 3 Custom Reports, Igss Dashboard, Igss Data Server 2024-11-21 8.8 High
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
CVE-2023-27981 1 Schneider-electric 3 Custom Reports, Igss Dashboard, Igss Data Server 2024-11-21 7.8 High
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
CVE-2023-27980 1 Schneider-electric 3 Custom Reports, Igss Dashboard, Igss Data Server 2024-11-21 8.8 High
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)
CVE-2023-27979 1 Schneider-electric 3 Custom Reports, Igss Dashboard, Igss Data Server 2024-11-21 6.5 Medium
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
CVE-2023-27978 1 Schneider-electric 3 Custom Reports, Igss Dashboard, Igss Data Server 2024-11-21 7.8 High
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
CVE-2023-27977 1 Schneider-electric 3 Custom Reports, Igss Dashboard, Igss Data Server 2024-11-21 6.5 Medium
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).