Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-19 | CVE-2020-7568 | Information Exposure vulnerability in Schneider-Electric Modicon M221 Firmware A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | 3.3 |
| 2020-11-19 | CVE-2020-7567 | Missing Encryption of Sensitive Data vulnerability in Schneider-Electric Modicon M221 Firmware A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys. | 2.9 |
| 2020-11-19 | CVE-2020-7566 | Small Space of Random Values vulnerability in Schneider-Electric Modicon M221 Firmware A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | 4.3 |
| 2020-11-19 | CVE-2020-7565 | Inadequate Encryption Strength vulnerability in Schneider-Electric Modicon M221 Firmware A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | 4.3 |
| 2020-11-19 | CVE-2020-7561 | Improper Access Control vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7 A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | 9.8 |
| 2020-11-19 | CVE-2020-7559 | Classic Buffer Overflow vulnerability in Schneider-Electric Ecostruxure Control Expert A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | 5.0 |
| 2020-11-19 | CVE-2020-7558 | Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 6.8 |
| 2020-11-19 | CVE-2020-7557 | Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 6.8 |
| 2020-11-19 | CVE-2020-7556 | Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 6.8 |
| 2020-11-19 | CVE-2020-7555 | Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 6.8 |