Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-03 | CVE-2021-30065 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. | 5.0 |
| 2022-03-18 | CVE-2020-25176 | Path Traversal vulnerability in multiple products Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. | 9.3 |
| 2022-03-18 | CVE-2020-25178 | Cleartext Transmission of Sensitive Information vulnerability in multiple products ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. | 9.3 |
| 2022-03-18 | CVE-2020-25180 | Use of Hard-coded Credentials vulnerability in multiple products Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. | 4.3 |
| 2022-03-18 | CVE-2020-25182 | Uncontrolled Search Path Element vulnerability in multiple products Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. | 4.6 |
| 2022-03-18 | CVE-2020-25184 | Insufficiently Protected Credentials vulnerability in multiple products Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. | 5.5 |
| 2022-03-09 | CVE-2021-22783 | Unspecified vulnerability in Schneider-Electric Ritto Wiser Door A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. low complexity schneider-electric | 4.8 |
| 2022-03-09 | CVE-2022-24322 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Ecostruxure Control Expert 14.0/14.1/15.0 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. | 4.3 |
| 2022-03-09 | CVE-2022-24323 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. | 4.3 |
| 2022-03-09 | CVE-2022-0715 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. | 9.1 |