Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-30 | CVE-2022-32525 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. | 9.8 |
2023-01-30 | CVE-2022-32526 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. | 9.8 |
2023-01-30 | CVE-2022-32527 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. | 9.8 |
2023-01-30 | CVE-2022-32528 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 9.1 |
2023-01-30 | CVE-2022-32529 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. | 9.8 |
2023-01-30 | CVE-2022-32747 | Unspecified vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2 A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. low complexity schneider-electric | 8.1 |
2023-01-30 | CVE-2022-32748 | Unspecified vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2 A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. high complexity schneider-electric | 8.3 |
2023-01-30 | CVE-2022-45788 | Unspecified vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. | 9.8 |
2023-01-30 | CVE-2022-2988 | Unspecified vulnerability in Schneider-Electric Ecostruxure Machine Expert - Hvac and Somachine Hvac A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. | 7.5 |
2022-11-22 | CVE-2022-0222 | Improper Privilege Management vulnerability in Schneider-Electric products A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. | 7.5 |