Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-32530 Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric GEO Scada Mobile 2020
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application.
6.8
2022-06-02 CVE-2022-30232 Improper Input Validation vulnerability in Schneider-Electric Powerlogic ION Setup Firmware
A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network.
network
low complexity
schneider-electric CWE-20
6.5
2022-06-02 CVE-2022-30233 Improper Input Validation vulnerability in Schneider-Electric products
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage.
4.3
2022-06-02 CVE-2022-30234 Use of Hard-coded Credentials vulnerability in Schneider-Electric products
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained.
network
low complexity
schneider-electric CWE-798
critical
10.0
2022-06-02 CVE-2022-30235 Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force.
network
low complexity
schneider-electric CWE-307
5.0
2022-06-02 CVE-2022-30236 Incorrect Resource Transfer Between Spheres vulnerability in Schneider-Electric products
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks.
network
low complexity
schneider-electric CWE-669
6.4
2022-06-02 CVE-2022-30237 Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding.
network
low complexity
schneider-electric CWE-311
5.0
2022-06-02 CVE-2022-30238 Improper Authentication vulnerability in Schneider-Electric products
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session.
network
low complexity
schneider-electric CWE-287
7.5
2022-04-14 CVE-2022-26507 Out-of-bounds Write vulnerability in multiple products
** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7.
network
low complexity
att schneider-electric CWE-787
7.5
2022-04-13 CVE-2019-6834 Deserialization of Untrusted Data vulnerability in Schneider-Electric Software Update 2.1.1/2.3.0
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited.
network
schneider-electric CWE-502
critical
9.3