Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-12 | CVE-2024-5560 | Unspecified vulnerability in Schneider-Electric Sage RTU Firmware. A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. | 7.5 |
2024-06-12 | CVE-2024-5313 | Unspecified vulnerability in Schneider-Electric Evlink Home Firmware 2.0.3.8.2128/2.0.4.1.2131. A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes an SSH interface over the product network interface. | 6.5 |
2024-06-12 | CVE-2024-5056 | Unspecified vulnerability in Schneider-Electric products. A CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent the user from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. | 6.5 |
2024-02-14 | CVE-2023-27975 | Unspecified vulnerability in Schneider-Electric products. A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | 7.1 |
2024-02-14 | CVE-2023-6409 | Unspecified vulnerability in Schneider-Electric products. A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with an application password when opening the file with EcoStruxure Control Expert. | 7.7 |
2024-01-09 | CVE-2023-7032 | Unspecified vulnerability in Schneider-Electric Easergy Studio 9.3.5. A CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. | 7.8 |
2023-12-14 | CVE-2023-5629 | Unspecified vulnerability in Schneider-Electric products. A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | 6.1 |
2023-12-14 | CVE-2023-5630 | Unspecified vulnerability in Schneider-Electric products. A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. | 4.9 |
2023-12-14 | CVE-2023-6407 | Unspecified vulnerability in Schneider-Electric Easy UPS Online Monitoring Software 2.5Gs/2.5Gs0122320. A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. | 7.1 |
2023-11-15 | CVE-2023-5984 | Unspecified vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware. A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure, which could result in full control over the device. | 4.9 |