ReportizFlow
Filtered by vendor Schneider-electric
Subscriptions
Total
807 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9997 | 1 Schneider-electric | 1 Blmon | 2026-04-15 | N/A |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session. | ||||
| CVE-2025-5296 | 1 Schneider-electric | 1 Software Update Utility | 2026-04-15 | 7.3 High |
| CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder. | ||||
| CVE-2025-13905 | 1 Schneider-electric | 2 Ecostruxure Process Expert, Ecostruxure Process Expert For Aveva System Platform | 2026-04-15 | N/A |
| CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart. | ||||
| CVE-2025-9996 | 1 Schneider-electric | 1 Blmon | 2026-04-15 | N/A |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session. | ||||
| CVE-2024-10498 | 1 Schneider-electric | 1 Powerlogic Hdpm6000 | 2026-04-15 | 6.5 Medium |
| CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in invalid data or loss of web interface functionality. | ||||
| CVE-2025-54926 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2026-04-15 | 7.2 High |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed. | ||||
| CVE-2024-8935 | 1 Schneider-electric | 3 Modicon M340 Bmxp341000, Modicon Mc80 Bmkc8020301, Modicon Momentum Unity M1e Processor | 2026-04-15 | 7.5 High |
| CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a communication session. This vulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks. | ||||
| CVE-2024-6918 | 1 Schneider-electric | 1 Accutech Manager | 2026-04-15 | 7.5 High |
| CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. | ||||
| CVE-2025-11565 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-15 | N/A |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload. | ||||
| CVE-2025-7746 | 1 Schneider-electric | 1 Altivar | 2026-04-15 | N/A |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading to modify or read data in a victim’s browser. | ||||
| CVE-2025-54927 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2026-04-15 | 4.9 Medium |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system. | ||||
| CVE-2025-8449 | 1 Schneider-electric | 3 Ecostruxure Building Operation Enterprise Server, Ecostruxure Enterprise Server, Ecostruxure Workstation | 2026-04-15 | N/A |
| CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network. | ||||
| CVE-2024-8938 | 1 Schneider-electric | 3 Modicon M340, Modicon Mc80, Modicon Momentum Unity M1e Processor | 2026-04-15 | 8.1 High |
| CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size computation. | ||||
| CVE-2024-8531 | 1 Schneider-electric | 1 Data Center Expert | 2026-04-15 | 7.2 High |
| CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. | ||||
| CVE-2025-54923 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports | 2026-04-15 | N/A |
| CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization. | ||||
| CVE-2025-11739 | 1 Schneider-electric | 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reporting And Dashboards | 2026-03-11 | N/A |
| CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization. | ||||
| CVE-2025-13957 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2026-03-11 | N/A |
| CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default. | ||||
| CVE-2025-13902 | 1 Schneider-electric | 2 Modicon Controllers M241/m251, Modicon Controllers M258/lmc058 | 2026-03-11 | N/A |
| CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload. | ||||
| CVE-2025-13901 | 1 Schneider-electric | 2 Modicon M241/m251, Modicon M262 | 2026-03-11 | N/A |
| CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels. | ||||
| CVE-2025-13844 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2026-03-03 | 5.3 Medium |
| CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody. | ||||