Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-24315 | Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. | 5.0 |
| 2022-02-09 | CVE-2022-24316 | Improper Initialization vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. | 5.0 |
| 2022-02-09 | CVE-2022-24317 | Missing Authorization vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. | 5.0 |
| 2022-02-09 | CVE-2022-24318 | Inadequate Encryption Strength vulnerability in Schneider-Electric products A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. | 5.0 |
| 2022-02-09 | CVE-2022-24319 | Improper Certificate Validation vulnerability in Schneider-Electric products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. | 4.3 |
| 2022-02-09 | CVE-2022-24320 | Improper Certificate Validation vulnerability in Schneider-Electric products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. | 4.3 |
| 2022-02-09 | CVE-2022-24321 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. | 5.0 |
| 2022-02-04 | CVE-2020-7534 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. | 8.8 |
| 2022-02-04 | CVE-2022-22722 | Use of Hard-coded Credentials vulnerability in Schneider-Electric Easergy P5 Firmware A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. | 5.4 |
| 2022-02-04 | CVE-2022-22723 | Classic Buffer Overflow vulnerability in Schneider-Electric Easergy P5 Firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. | 8.3 |