Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-11 | CVE-2021-22762 | Path Traversal vulnerability in Schneider-Electric Interactive Graphical SCADA System | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. | 7.8 |
2021-06-11 | CVE-2021-22763 | Unspecified vulnerability in Schneider-Electric products | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator level access to a device. | 9.8 |
2021-06-11 | CVE-2021-22764 | Unspecified vulnerability in Schneider-Electric products | A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request. | 5.3 |
2021-06-11 | CVE-2021-22765 | Improper Input Validation vulnerability in Schneider-Electric products | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. | 9.8 |
2021-06-11 | CVE-2021-22766 | Unspecified vulnerability in Schneider-Electric products | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet. | 7.5 |
2021-06-11 | CVE-2021-22767 | Unspecified vulnerability in Schneider-Electric products | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-2276 | 9.8 |
2021-06-11 | CVE-2021-22768 | Unspecified vulnerability in Schneider-Electric products | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767 | 9.8 |
2021-06-11 | CVE-2021-22769 | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7/2.7.1 | A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted. | 4.3 |
2021-05-26 | CVE-2021-22699 | Unspecified vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware | Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP. | 7.5 |
2021-05-26 | CVE-2021-22705 | Unspecified vulnerability in Schneider-Electric EcoStruxure Machine Expert and Vijeo Designer | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert. | 7.8 |