Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-24314 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. | 7.5 |
| 2022-02-09 | CVE-2022-24315 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. | 7.5 |
| 2022-02-09 | CVE-2022-24316 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. | 7.5 |
| 2022-02-09 | CVE-2022-24317 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. | 7.5 |
| 2022-02-09 | CVE-2022-24318 | Inadequate Encryption Strength vulnerability in Schneider-Electric products A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. | 7.5 |
| 2022-02-09 | CVE-2022-24319 | Improper Certificate Validation vulnerability in Schneider-Electric products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. | 5.9 |
| 2022-02-09 | CVE-2022-24320 | Improper Certificate Validation vulnerability in Schneider-Electric products A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. | 5.9 |
| 2022-02-09 | CVE-2022-24321 | Unspecified vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. | 7.5 |
| 2022-02-04 | CVE-2020-7534 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. | 8.8 |
| 2022-02-04 | CVE-2022-22722 | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. high complexity schneider-electric | 7.5 |