Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-04 | CVE-2022-41666 | Improper Verification of Cryptographic Signature vulnerability in Schneider-Electric products A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. | 7.8 |
| 2022-06-24 | CVE-2022-32530 | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric GEO Scada Mobile 2020 A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. | 6.8 |
| 2022-06-02 | CVE-2022-30232 | Improper Input Validation vulnerability in Schneider-Electric Powerlogic ION Setup Firmware A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. | 6.5 |
| 2022-06-02 | CVE-2022-30233 | Improper Input Validation vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. | 4.3 |
| 2022-06-02 | CVE-2022-30234 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. | 10.0 |
| 2022-06-02 | CVE-2022-30235 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. | 5.0 |
| 2022-06-02 | CVE-2022-30236 | Incorrect Resource Transfer Between Spheres vulnerability in Schneider-Electric products A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. | 6.4 |
| 2022-06-02 | CVE-2022-30237 | Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. | 5.0 |
| 2022-06-02 | CVE-2022-30238 | Improper Authentication vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. | 7.5 |
| 2022-04-14 | CVE-2022-26507 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. | 9.8 |