Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2023-01-30 CVE-2022-32525 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-32526 Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages.
network
low complexity
schneider-electric CWE-120
critical
9.8
2023-01-30 CVE-2022-32527 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-32528 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
network
low complexity
schneider-electric
critical
9.1
2023-01-30 CVE-2022-32529 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-32747 Unspecified vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network.
low complexity
schneider-electric
8.1
2023-01-30 CVE-2022-32748 Unspecified vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices.
high complexity
schneider-electric
8.3
2023-01-30 CVE-2022-45788 Unspecified vulnerability in Schneider-Electric products
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller.
network
low complexity
schneider-electric
critical
9.8
2023-01-30 CVE-2022-2988 Unspecified vulnerability in Schneider-Electric Ecostruxure Machine Expert - Hvac and Somachine Hvac
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software.
network
low complexity
schneider-electric
7.5
2022-11-22 CVE-2022-0222 Improper Privilege Management vulnerability in Schneider-Electric products
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP.
network
low complexity
schneider-electric CWE-269
7.5