Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-7032 Deserialization of Untrusted Data vulnerability in Schneider-Electric Easergy Studio
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object.
local
low complexity
schneider-electric CWE-502
7.8
2023-12-14 CVE-2023-5629 Open Redirect vulnerability in Schneider-Electric products
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.
network
low complexity
schneider-electric CWE-601
6.1
2023-12-14 CVE-2023-5630 Download of Code Without Integrity Check vulnerability in Schneider-Electric products
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.
network
low complexity
schneider-electric CWE-494
4.9
2023-12-14 CVE-2023-6407 Path Traversal vulnerability in Schneider-Electric Easy UPS Online Monitoring Software 2.5Gs/2.5Gs0122320
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.
local
low complexity
schneider-electric CWE-22
7.1
2023-11-15 CVE-2023-5984 Download of Code Without Integrity Check vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device.
network
low complexity
schneider-electric CWE-494
4.9
2023-11-15 CVE-2023-5985 Cross-site Scripting vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values.
network
low complexity
schneider-electric CWE-79
4.8
2023-11-15 CVE-2023-5986 Open Redirect vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack.
network
low complexity
schneider-electric CWE-601
6.1
2023-11-15 CVE-2023-5987 Cross-site Scripting vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.
network
low complexity
schneider-electric CWE-79
6.1
2023-11-15 CVE-2023-6032 Path Traversal vulnerability in Schneider-Electric Galaxy VL Firmware and Galaxy VS Firmware
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.
network
low complexity
schneider-electric CWE-22
5.3
2023-10-04 CVE-2023-5391 Deserialization of Untrusted Data vulnerability in Schneider-Electric products
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.
network
low complexity
schneider-electric CWE-502
critical
9.8