Filtered by vendor Schneider-electric
Subscribe
Total
719 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22755 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition. | |||||
| CVE-2021-22754 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition. | |||||
| CVE-2021-22753 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition. | |||||
| CVE-2021-22752 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. | |||||
| CVE-2021-22751 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2021-22750 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition. | |||||
| CVE-2021-22749 | 1 Schneider-electric | 2 Modicon X80 Bmxnor0200h Rtu, Modicon X80 Bmxnor0200h Rtu Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module. | |||||
| CVE-2021-22748 | 1 Schneider-electric | 1 C-bus Toolkit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) | |||||
| CVE-2021-22747 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746. | |||||
| CVE-2021-22746 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22747. | |||||
| CVE-2021-22745 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22746, and CVE-2021-22747. | |||||
| CVE-2021-22744 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22745, CVE-2021-22746, and CVE-2021-22747. | |||||
| CVE-2021-22743 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. | |||||
| CVE-2021-22742 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. | |||||
| CVE-2021-22741 | 1 Schneider-electric | 3 Clearscada, Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes. | |||||
| CVE-2021-22740 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded. | |||||
| CVE-2021-22739 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured. | |||||
| CVE-2021-22738 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack. | |||||
| CVE-2021-22737 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack. | |||||
| CVE-2021-22736 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded. | |||||