Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2023-01-30 CVE-2022-32527 Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages.
Risk: network, low complexity, schneider-electric, CWE-120, critical, 9.8

2023-01-30 CVE-2022-32528 Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
Risk: network, low complexity, schneider-electric, CWE-306, critical, 9.1

2023-01-30 CVE-2022-32529 Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages.
Risk: network, low complexity, schneider-electric, CWE-120, critical, 9.8

2023-01-30 CVE-2022-32747 Authentication Bypass by Spoofing vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network.
Risk: low complexity, schneider-electric, CWE-290, 8.1

2023-01-30 CVE-2022-32748 Improper Certificate Validation vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices.
Risk: high complexity, schneider-electric, CWE-295, 8.3

2023-01-30 CVE-2022-45788 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller.
Risk: network, low complexity, schneider-electric, CWE-754, critical, 9.8

2023-01-30 CVE-2022-2988 Out-of-bounds Write vulnerability in Schneider-Electric Ecostruxure Machine Expert - Hvac and Somachine Hvac
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software.
Risk: network, low complexity, schneider-electric, CWE-787, 7.5

2022-11-22 CVE-2022-0222 Improper Privilege Management vulnerability in Schneider-Electric products
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP.
Risk: network, low complexity, schneider-electric, CWE-269, 7.5

2022-11-22 CVE-2022-37301 Integer Underflow (Wrap or Wraparound) vulnerability in Schneider-Electric products
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol.
Risk: network, low complexity, schneider-electric, CWE-191, 7.5

2022-11-04 CVE-2022-41671 SQL Injection vulnerability in Schneider-Electric products
A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code.
Risk: local, low complexity, schneider-electric, CWE-89, 7.8