Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2022-11-04 CVE-2022-41670 Path Traversal vulnerability in Schneider-Electric products
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code.
local
low complexity
schneider-electric CWE-22
7.8
2022-11-04 CVE-2022-41669 Improper Verification of Cryptographic Signature vulnerability in Schneider-Electric products
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code.
local
low complexity
schneider-electric CWE-347
7.8
2022-11-04 CVE-2022-41667 Path Traversal vulnerability in Schneider-Electric products
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code.
local
low complexity
schneider-electric CWE-22
7.8
2022-11-04 CVE-2022-41668 Incorrect Type Conversion or Cast vulnerability in Schneider-Electric products
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code.
local
low complexity
schneider-electric CWE-704
7.8
2022-11-04 CVE-2022-41666 Improper Verification of Cryptographic Signature vulnerability in Schneider-Electric products
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code.
local
low complexity
schneider-electric CWE-347
7.8
2022-09-13 CVE-2022-37302 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened.
local
low complexity
schneider-electric CWE-119
5.5
2022-09-12 CVE-2022-37300 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus.
network
low complexity
schneider-electric CWE-640
critical
9.8
2022-07-13 CVE-2022-34753 OS Command Injection vulnerability in Schneider-Electric Spacelogic C-Bus Home Controller Firmware
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause a remote root exploit when the command is compromised.
network
low complexity
schneider-electric CWE-78
8.8
2022-07-13 CVE-2022-34754 Improper Privilege Management vulnerability in Schneider-Electric products
A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials.
low complexity
schneider-electric CWE-269
6.8
2022-07-13 CVE-2022-34756 Classic Buffer Overflow vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or a crash of the HTTPS stack which is used for the device Web HMI.
network
low complexity
schneider-electric CWE-120
critical
9.8