Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-30 | CVE-2022-32517 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Schneider-Electric Conext Combox Firmware A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. | 6.5 |
| 2023-01-30 | CVE-2022-32518 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Data Center Expert A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. | 9.8 |
| 2023-01-30 | CVE-2022-32519 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Data Center Expert A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. | 9.8 |
| 2023-01-30 | CVE-2022-32520 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Data Center Expert A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. | 9.8 |
| 2023-01-30 | CVE-2022-32521 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Data Center Expert A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. | 8.8 |
| 2023-01-30 | CVE-2022-32522 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. | 9.8 |
| 2023-01-30 | CVE-2022-32523 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. | 9.8 |
| 2023-01-30 | CVE-2022-32524 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. | 9.8 |
| 2023-01-30 | CVE-2022-32525 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. | 9.8 |
| 2023-01-30 | CVE-2022-32526 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. | 9.8 |