Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-22 | CVE-2022-0222 | Improper Privilege Management vulnerability in Schneider-Electric products A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. | 7.5 |
| 2022-11-22 | CVE-2022-37301 | Unspecified vulnerability in Schneider-Electric products A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. | 7.5 |
| 2022-11-04 | CVE-2022-41671 | Unspecified vulnerability in Schneider-Electric products A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. | 7.8 |
| 2022-11-04 | CVE-2022-41670 | Unspecified vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. | 7.8 |
| 2022-11-04 | CVE-2022-41669 | Unspecified vulnerability in Schneider-Electric products A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. | 7.8 |
| 2022-11-04 | CVE-2022-41667 | Unspecified vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. | 7.8 |
| 2022-11-04 | CVE-2022-41668 | Unspecified vulnerability in Schneider-Electric products A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. | 7.8 |
| 2022-11-04 | CVE-2022-41666 | Unspecified vulnerability in Schneider-Electric products A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. | 7.8 |
| 2022-09-13 | CVE-2022-37302 | Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. | 5.5 |
| 2022-09-12 | CVE-2022-37300 | Unspecified vulnerability in Schneider-Electric products A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. | 9.8 |