Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-2569 | Out-of-bounds Write vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | 7.8 |
| 2023-06-14 | CVE-2023-2570 | Improper Validation of Array Index vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver. | 7.8 |
| 2023-06-14 | CVE-2023-3001 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Igss Dashboard A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | 7.8 |
| 2023-05-22 | CVE-2022-46680 | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric products A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. | 9.8 |
| 2023-05-16 | CVE-2023-2161 | XXE vulnerability in Schneider-Electric OPC Factory Server A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. | 5.5 |
| 2023-04-19 | CVE-2023-25620 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user. | 6.5 |
| 2023-04-19 | CVE-2023-25619 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol. | 7.5 |
| 2023-04-18 | CVE-2023-28004 | Improper Validation of Array Index vulnerability in Schneider-Electric Powerlogic Hdpm6000 Firmware A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. | 9.8 |
| 2023-04-18 | CVE-2023-29410 | Improper Input Validation vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute. | 8.8 |
| 2023-04-18 | CVE-2023-28003 | Insufficient Session Expiration vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account. | 8.8 |