Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-14 | CVE-2022-26507 | Out-of-bounds Write vulnerability in multiple products ** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. | 7.5 |
| 2022-04-13 | CVE-2019-6834 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Software Update 2.1.1/2.3.0 A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. | 9.3 |
| 2022-04-13 | CVE-2021-22794 | Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. | 7.5 |
| 2022-04-13 | CVE-2021-22795 | OS Command Injection vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. | 7.5 |
| 2022-04-13 | CVE-2021-22797 | Path Traversal vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. | 9.3 |
| 2022-04-13 | CVE-2022-0221 | XXE vulnerability in Schneider-Electric Scadapack Workbench 6.6.8A A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. | 4.3 |
| 2022-04-03 | CVE-2021-30066 | Improper Verification of Cryptographic Signature vulnerability in multiple products On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. | 7.2 |
| 2022-04-03 | CVE-2021-30061 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. | 7.2 |
| 2022-04-03 | CVE-2021-30062 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. | 5.0 |
| 2022-04-03 | CVE-2021-30063 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. | 5.0 |