Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-13 | CVE-2022-34757 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102 A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. | 5.3 |
| 2022-07-13 | CVE-2022-34758 | Improper Input Validation vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102 A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. | 4.9 |
| 2022-07-13 | CVE-2022-34759 | Out-of-bounds Write vulnerability in Schneider-Electric products A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. | 7.5 |
| 2022-07-13 | CVE-2022-34760 | Infinite Loop vulnerability in Schneider-Electric products A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. | 7.5 |
| 2022-07-13 | CVE-2022-34761 | NULL Pointer Dereference vulnerability in Schneider-Electric products A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. | 7.5 |
| 2022-07-13 | CVE-2022-34762 | Path Traversal vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. | 7.5 |
| 2022-07-13 | CVE-2022-34763 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric products A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. | 7.5 |
| 2022-07-13 | CVE-2022-34764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. | 7.5 |
| 2022-07-13 | CVE-2022-34765 | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric products A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. | 5.3 |
| 2022-06-24 | CVE-2022-32530 | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric GEO Scada Mobile 2020 A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. | 7.8 |