Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2021-22801 | Unspecified vulnerability in Schneider-Electric Connexium Network Manager A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. | 9.8 |
| 2022-02-11 | CVE-2021-22802 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. | 9.8 |
| 2022-02-11 | CVE-2021-22803 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. | 9.8 |
| 2022-02-11 | CVE-2021-22804 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. | 7.5 |
| 2022-02-11 | CVE-2021-22805 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. | 9.1 |
| 2022-02-11 | CVE-2021-22806 | Unspecified vulnerability in Schneider-Electric products A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. | 7.5 |
| 2022-02-11 | CVE-2021-22823 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. | 9.1 |
| 2022-02-11 | CVE-2021-22824 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. | 7.5 |
| 2022-02-09 | CVE-2021-22817 | Incorrect Default Permissions vulnerability in Schneider-Electric products A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. | 7.8 |
| 2022-02-09 | CVE-2022-22807 | Unspecified vulnerability in Schneider-Electric products A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. | 7.4 |