Filtered by vendor Schneider-electric
Subscribe
Total
746 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29413 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2023-04-28 | N/A | 7.5 HIGH |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. | |||||
| CVE-2023-28004 | 1 Schneider-electric | 2 Powerlogic Hdpm6000, Powerlogic Hdpm6000 Firmware | 2023-04-28 | N/A | 9.8 CRITICAL |
| A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. | |||||
| CVE-2023-29410 | 1 Schneider-electric | 6 Conext Gateway, Conext Gateway Firmware, Insightfacility and 3 more | 2023-04-28 | N/A | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute. | |||||
| CVE-2023-25547 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 8.8 HIGH |
| A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2022-43378 | 1 Schneider-electric | 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more | 2023-04-27 | N/A | 6.5 MEDIUM |
| A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | |||||
| CVE-2022-34755 | 1 Schneider-electric | 1 Easergy Builder Installer | 2023-04-27 | N/A | 6.7 MEDIUM |
| A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior) | |||||
| CVE-2023-25548 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 6.5 MEDIUM |
| A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2023-25549 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 9.8 CRITICAL |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2023-25550 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 9.8 CRITICAL |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2023-25552 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 8.1 HIGH |
| A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2023-25551 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 6.1 MEDIUM |
| A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2023-25553 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 6.1 MEDIUM |
| A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2023-25554 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 7.8 HIGH |
| A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2023-25555 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2023-04-27 | N/A | 8.1 HIGH |
| A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | |||||
| CVE-2022-43376 | 1 Schneider-electric | 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more | 2023-04-25 | N/A | 6.1 MEDIUM |
| A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | |||||
| CVE-2022-43377 | 1 Schneider-electric | 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more | 2023-04-25 | N/A | 7.5 HIGH |
| A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | |||||
| CVE-2023-0595 | 1 Schneider-electric | 4 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 and 1 more | 2023-04-18 | N/A | 5.3 MEDIUM |
| A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions) | |||||
| CVE-2022-32521 | 1 Schneider-electric | 1 Data Center Expert | 2023-04-03 | N/A | 8.8 HIGH |
| A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0) | |||||
| CVE-2022-32748 | 1 Schneider-electric | 1 Ecostruxure Cybersecurity Admin Expert | 2023-04-03 | N/A | 8.3 HIGH |
| A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) | |||||
| CVE-2022-32747 | 1 Schneider-electric | 1 Ecostruxure Cybersecurity Admin Expert | 2023-04-03 | N/A | 8.1 HIGH |
| A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) | |||||