Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2023-01-30 CVE-2022-32515 Unspecified vulnerability in Schneider-Electric Conext Combox Firmware
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-32516 Unspecified vulnerability in Schneider-Electric Conext Combox Firmware
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF).
network
low complexity
schneider-electric
6.5
2023-01-30 CVE-2022-32517 Unspecified vulnerability in Schneider-Electric Conext Combox Firmware
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses.
network
low complexity
schneider-electric
6.5
2023-01-30 CVE-2022-32518 Unspecified vulnerability in Schneider-Electric Data Center Expert
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-32519 Insufficiently Protected Credentials vulnerability in Schneider-Electric Data Center Expert
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party.
network
low complexity
schneider-electric CWE-522
critical
9.8
2023-01-30 CVE-2022-32520 Unspecified vulnerability in Schneider-Electric Data Center Expert
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-32521 Unspecified vulnerability in Schneider-Electric Data Center Expert
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.
network
low complexity
schneider-electric
8.8
2023-01-30 CVE-2022-32522 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-32523 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-32524 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages.
network
low complexity
schneider-electric
critical
9.8