Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2021-22748 Path Traversal vulnerability in Schneider-Electric C-Bus Toolkit 1.15.7/1.15.8/1.15.9
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow remote code execution when a file is saved.
network
low complexity
schneider-electric CWE-22
8.8
2022-02-11 CVE-2021-22785 Information Exposure vulnerability in Schneider-Electric products
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends an HTTP request to the web server of the device.
network
low complexity
schneider-electric CWE-200
7.5
2022-02-11 CVE-2021-22787 Improper Input Validation vulnerability in Schneider-Electric products
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device.
network
low complexity
schneider-electric CWE-20
7.5
2022-02-11 CVE-2021-22788 Out-of-bounds Write vulnerability in Schneider-Electric products
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device.
network
low complexity
schneider-electric CWE-787
7.5
2022-02-11 CVE-2021-22796 Improper Authentication vulnerability in Schneider-Electric C-Gate Server 2.11.7
A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded.
local
low complexity
schneider-electric CWE-287
7.8
2022-02-11 CVE-2021-22798 Insufficiently Protected Credentials vulnerability in Schneider-Electric Conext Combox Firmware
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause sensitive data such as login credentials to be exposed when a network is sniffed.
network
low complexity
schneider-electric CWE-522
7.5
2022-02-11 CVE-2021-22800 Improper Input Validation vulnerability in Schneider-Electric Modicon M218 Firmware 4.3/5.0.0.7/5.1.0.6
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP.
network
low complexity
schneider-electric CWE-20
7.5
2022-02-11 CVE-2021-22801 Improper Privilege Management vulnerability in Schneider-Electric Connexium Network Manager
A CWE-269: Improper Privilege Management vulnerability exists that could cause arbitrary command execution when the software is configured with specially crafted event actions.
network
low complexity
schneider-electric CWE-269
critical
9.8
2022-02-11 CVE-2021-22802 Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to a missing length check on user-supplied data, when a constructed message is received on the network.
network
low complexity
schneider-electric CWE-120
critical
9.8
2022-02-11 CVE-2021-22803 Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths when an attacker writes arbitrary files to folders in the context of the DC module by sending constructed messages on the network.
network
low complexity
schneider-electric CWE-434
critical
9.8