Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-31 | CVE-2023-22611 | Unspecified vulnerability in Schneider-Electric products A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. | 7.5 |
| 2023-01-31 | CVE-2022-45789 | Authentication Bypass by Capture-replay vulnerability in Schneider-Electric products A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. | 9.8 |
| 2023-01-30 | CVE-2022-0223 | Path Traversal vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. | 9.8 |
| 2023-01-30 | CVE-2022-22731 | Path Traversal vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. | 9.8 |
| 2023-01-30 | CVE-2022-22732 | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. | 7.5 |
| 2023-01-30 | CVE-2022-32512 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Canbrass A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. | 7.8 |
| 2023-01-30 | CVE-2022-32513 | Weak Password Requirements vulnerability in Schneider-Electric products A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. | 9.8 |
| 2023-01-30 | CVE-2022-32514 | Improper Authentication vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. | 9.8 |
| 2023-01-30 | CVE-2022-32515 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Conext Combox Firmware A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. | 9.8 |
| 2023-01-30 | CVE-2022-32516 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Conext Combox Firmware A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). | 6.5 |