Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-13 | CVE-2021-22717 | Unspecified vulnerability in Schneider-Electric C-Bus Toolkit 1.15.7 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files. | 8.8 |
2021-04-13 | CVE-2021-22716 | Unspecified vulnerability in Schneider-Electric C-Bus Toolkit 1.15.7 A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. | 7.8 |
2021-03-11 | CVE-2021-22714 | Unspecified vulnerability in Schneider-Electric products A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution. | 9.8 |
2021-03-11 | CVE-2021-22713 | Unspecified vulnerability in Schneider-Electric products A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notification for affected versions), which could cause the meter to reboot. | 7.5 |
2021-03-11 | CVE-2021-22712 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when a malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address. | 7.8 |
2021-03-11 | CVE-2021-22711 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when a malicious CGF (Configuration Group File) file is imported to IGSS Definition due to missing validation of input data. | 7.8 |
2021-03-11 | CVE-2021-22710 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 7.8 |
2021-03-11 | CVE-2021-22709 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 7.8 |
2021-02-19 | CVE-2021-22703 | Unspecified vulnerability in Schneider-Electric products A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. | 7.5 |
2021-02-19 | CVE-2021-22702 | Unspecified vulnerability in Schneider-Electric products A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. | 7.5 |