Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-21 | CVE-2021-22729 | Use of Hard-coded Password vulnerability in Schneider-Electric products A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server. | 9.8 |
2021-07-21 | CVE-2021-22730 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized administrative privileges when accessing the charging station web server. | 9.8 |
2021-07-21 | CVE-2021-22770 | Information Exposure vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7/2.7.1 A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information. | 6.5 |
2021-07-21 | CVE-2021-22771 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7/2.7.1 A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution. | 7.3 |
2021-07-21 | CVE-2021-22772 | Missing Authentication for Critical Function vulnerability in Schneider-Electric T200E Firmware, T200I Firmware and T200P Firmware A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed. | 9.8 |
2021-07-21 | CVE-2021-22773 | Unverified Password Change vulnerability in Schneider-Electric products A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker connected to the charging station web server to modify the password of a user. | 6.5 |
2021-07-21 | CVE-2021-22774 | Use of Password Hash With Insufficient Computational Effort vulnerability in Schneider-Electric products A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could lead an attacker to gain knowledge of charging station user account credentials using dictionary attack techniques. | 7.5 |
2021-07-21 | CVE-2021-22777 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Sosafe Configurable A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file. | 7.8 |
2021-07-21 | CVE-2021-22784 | Missing Authentication for Critical Function vulnerability in Schneider-Electric C-Bus Toolkit 1.15.7/1.15.8 A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system. | 5.7 |
2021-07-14 | CVE-2021-22778 | Insufficiently Protected Credentials vulnerability in Schneider-Electric products Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. | 7.1 |