Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-12 | CVE-2024-5560 | Out-of-bounds Read vulnerability in Schneider-Electric Sage RTU Firmware. CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. | 7.5 |
2024-06-12 | CVE-2024-5313 | Unspecified vulnerability in Schneider-Electric Evlink Home Firmware 2.0.3.8.2128/2.0.4.1.2131. CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes an SSH interface over the product network interface. | 6.5 |
2024-06-12 | CVE-2024-5056 | Files or Directories Accessible to External Parties vulnerability in Schneider-Electric products. CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent the user from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. | 6.5 |
2024-01-09 | CVE-2023-7032 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Easergy Studio. A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. | 7.8 |
2023-12-14 | CVE-2023-5629 | Open Redirect vulnerability in Schneider-Electric products. A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | 6.1 |
2023-12-14 | CVE-2023-5630 | Download of Code Without Integrity Check vulnerability in Schneider-Electric products. A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. | 4.9 |
2023-12-14 | CVE-2023-6407 | Path Traversal vulnerability in Schneider-Electric Easy UPS Online Monitoring Software 2.5Gs/2.5Gs0122320. A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. | 7.1 |
2023-11-15 | CVE-2023-5984 | Download of Code Without Integrity Check vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware. A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. | 4.9 |
2023-11-15 | CVE-2023-5985 | Cross-site Scripting vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware. A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values. | 4.8 |
2023-11-15 | CVE-2023-5986 | Open Redirect vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021. A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross-site scripting attack. | 6.1 |