Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-22765 | Improper Input Validation vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet | 9.8 |
| 2021-06-11 | CVE-2021-22766 | Improper Input Validation vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet | 7.5 |
| 2021-06-11 | CVE-2021-22767 | Improper Input Validation vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276 | 9.8 |
| 2021-06-11 | CVE-2021-22768 | Improper Input Validation vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767 | 9.8 |
| 2021-06-11 | CVE-2021-22769 | Files or Directories Accessible to External Parties vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7/2.7.1 A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted. | 4.3 |
| 2021-05-26 | CVE-2021-22699 | Improper Input Validation vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP. | 7.5 |
| 2021-05-26 | CVE-2021-22705 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Ecostruxure Machine Expert and Vijeo Designer Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert | 7.8 |
| 2021-05-26 | CVE-2021-22731 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker. | 9.8 |
| 2021-05-26 | CVE-2021-22732 | Improper Privilege Management vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server. | 7.8 |
| 2021-05-26 | CVE-2021-22733 | Improper Privilege Management vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. | 7.8 |