Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-11 | CVE-2020-7539 | Unspecified vulnerability in Schneider-Electric products A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP. | 7.5 |
| 2020-12-11 | CVE-2020-7537 | Unspecified vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller. | 7.5 |
| 2020-12-11 | CVE-2020-7536 | Unspecified vulnerability in Schneider-Electric products A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP. | 7.5 |
| 2020-12-11 | CVE-2020-7535 | Unspecified vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. | 7.5 |
| 2020-12-11 | CVE-2020-28220 | Unspecified vulnerability in Schneider-Electric Modicon M258 Firmware, Somachine and Somachine Motion A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. low complexity schneider-electric | 6.8 |
| 2020-12-11 | CVE-2020-28219 | Unspecified vulnerability in Schneider-Electric products A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. | 7.8 |
| 2020-12-11 | CVE-2020-28218 | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7 A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action. | 6.5 |
| 2020-12-11 | CVE-2020-28217 | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7 A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | 7.5 |
| 2020-12-11 | CVE-2020-28216 | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7 A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol. | 7.5 |
| 2020-12-11 | CVE-2020-28215 | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7 A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently. | 9.8 |