Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-0222 Improper Privilege Management vulnerability in Schneider-Electric products
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP.
network
low complexity
schneider-electric CWE-269
7.5
2022-11-22 CVE-2022-37301 Integer Underflow (Wrap or Wraparound) vulnerability in Schneider-Electric products
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol.
network
low complexity
schneider-electric CWE-191
7.5
2022-11-04 CVE-2022-41671 SQL Injection vulnerability in Schneider-Electric products
A CWE-89: Improper Neutralization of Special Elements used in SQL Command ('SQL Injection') vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute it as part of project migration, which could result in execution of malicious code.
local
low complexity
schneider-electric CWE-89
7.8
2022-11-04 CVE-2022-41670 Path Traversal vulnerability in Schneider-Electric products
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code.
local
low complexity
schneider-electric CWE-22
7.8
2022-11-04 CVE-2022-41669 Improper Verification of Cryptographic Signature vulnerability in Schneider-Electric products
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code.
local
low complexity
schneider-electric CWE-347
7.8
2022-11-04 CVE-2022-41667 Path Traversal vulnerability in Schneider-Electric products
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code.
local
low complexity
schneider-electric CWE-22
7.8
2022-11-04 CVE-2022-41668 Incorrect Type Conversion or Cast vulnerability in Schneider-Electric products
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code.
local
low complexity
schneider-electric CWE-704
7.8
2022-11-04 CVE-2022-41666 Improper Verification of Cryptographic Signature vulnerability in Schneider-Electric products
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code.
local
low complexity
schneider-electric CWE-347
7.8
2022-06-24 CVE-2022-32530 Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric GEO Scada Mobile 2020
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application.
6.8
2022-06-02 CVE-2022-30232 Improper Input Validation vulnerability in Schneider-Electric Powerlogic ION Setup Firmware
A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network.
network
low complexity
schneider-electric CWE-20
6.5