Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-22755 | Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22756 | Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22757 | Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22758 | Access of Uninitialized Pointer vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22759 | Use After Free vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22760 | Release of Invalid Pointer or Reference vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22761 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22762 | Path Traversal vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. | 7.8 |
| 2021-06-11 | CVE-2021-22763 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device. | 9.8 |
| 2021-06-11 | CVE-2021-22764 | Improper Authentication vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request. | 5.3 |