Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2022-26507 Out-of-bounds Write vulnerability in multiple products
** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7.
network
low complexity
att schneider-electric CWE-787
7.5
2022-04-13 CVE-2019-6834 Deserialization of Untrusted Data vulnerability in Schneider-Electric Software Update 2.1.1/2.3.0
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited.
network
schneider-electric CWE-502
critical
9.3
2022-04-13 CVE-2021-22794 Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution.
network
low complexity
schneider-electric CWE-22
7.5
2022-04-13 CVE-2021-22795 OS Command Injection vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network.
network
low complexity
schneider-electric CWE-78
7.5
2022-04-13 CVE-2021-22797 Path Traversal vulnerability in Schneider-Electric products
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software.
network
schneider-electric CWE-22
critical
9.3
2022-04-13 CVE-2022-0221 XXE vulnerability in Schneider-Electric Scadapack Workbench 6.6.8A
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench.
4.3
2022-04-03 CVE-2021-30066 Improper Verification of Cryptographic Signature vulnerability in multiple products
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed.
local
low complexity
belden schneider-electric CWE-347
7.2
2022-04-03 CVE-2021-30061 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.
local
low complexity
belden schneider-electric
7.2
2022-04-03 CVE-2021-30062 On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.
network
low complexity
belden schneider-electric
5.0
2022-04-03 CVE-2021-30063 On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.
network
low complexity
belden schneider-electric
5.0