Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2021-22808 | Use After Free vulnerability in Schneider-Electric Guicon 2.0 A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. | 7.8 |
| 2022-01-28 | CVE-2021-22809 | Out-of-bounds Read vulnerability in Schneider-Electric Guicon 2.0 A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. | 5.5 |
| 2022-01-28 | CVE-2021-22810 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. | 6.1 |
| 2022-01-28 | CVE-2021-22811 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. | 6.1 |
| 2022-01-28 | CVE-2021-22812 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. | 6.1 |
| 2022-01-28 | CVE-2021-22813 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. | 6.1 |
| 2022-01-28 | CVE-2021-22814 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. | 6.1 |
| 2022-01-28 | CVE-2021-22815 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. | 5.3 |
| 2022-01-28 | CVE-2021-22816 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. | 7.5 |
| 2022-01-28 | CVE-2021-22818 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. | 7.5 |