Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2024-06-12 CVE-2024-0865 Unspecified vulnerability in Schneider-Electric Ecostruxure IT Gateway
CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
local
low complexity
schneider-electric
7.8
2024-06-12 CVE-2024-2747 Unspecified vulnerability in Schneider-Electric Easergy Studio
CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.
local
low complexity
schneider-electric
7.8
2024-06-12 CVE-2024-5559 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Powerlogic P5 Firmware
CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device.
low complexity
schneider-electric CWE-327
6.8
2024-06-12 CVE-2024-37036 Unspecified vulnerability in Schneider-Electric Sage RTU Firmware
CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
network
low complexity
schneider-electric
critical
9.8
2024-06-12 CVE-2024-37037 Unspecified vulnerability in Schneider-Electric Sage RTU Firmware
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.
network
low complexity
schneider-electric
8.1
2024-06-12 CVE-2024-37038 Incorrect Default Permissions vulnerability in Schneider-Electric Sage RTU Firmware
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.
network
low complexity
schneider-electric CWE-276
8.8
2024-06-12 CVE-2024-37039 Unspecified vulnerability in Schneider-Electric Sage RTU Firmware
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.
network
low complexity
schneider-electric
7.5
2024-06-12 CVE-2024-37040 Unspecified vulnerability in Schneider-Electric Sage RTU Firmware
CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.
network
low complexity
schneider-electric
8.1
2024-06-12 CVE-2024-5557 Unspecified vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs.
low complexity
schneider-electric
4.5
2024-06-12 CVE-2024-5558 Unspecified vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.
local
high complexity
schneider-electric
6.4