Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2020-11-19 CVE-2020-7554 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.
6.8
2020-11-19 CVE-2020-7553 Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.
6.8
2020-11-19 CVE-2020-7552 Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.
6.8
2020-11-19 CVE-2020-7551 Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.
6.8
2020-11-19 CVE-2020-7550 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.
6.8
2020-11-19 CVE-2020-7544 Improper Privilege Management vulnerability in Schneider-Electric Operator Terminal Expert Runtime 3.1
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal Expert.
local
low complexity
schneider-electric CWE-269
7.2
2020-11-19 CVE-2020-7538 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Ecostruxure Control Expert
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure™ Control Expert software when receiving a specially crafted request over Modbus.
network
low complexity
schneider-electric CWE-754
5.0
2020-11-19 CVE-2020-28213 Download of Code Without Integrity Check vulnerability in Schneider-Electric Ecostruxure Control Expert
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.
network
low complexity
schneider-electric CWE-494
6.5
2020-11-19 CVE-2020-28212 Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Ecostruxure Control Expert
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.
network
low complexity
schneider-electric CWE-307
7.5
2020-11-19 CVE-2020-28211 Incorrect Authorization vulnerability in Schneider-Electric Ecostruxure Control Expert
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.
local
low complexity
schneider-electric CWE-863
4.6