Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-31 | CVE-2020-7527 | Incorrect Default Permissions vulnerability in Schneider-Electric Somove 1.7/2.8.1 Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. | 4.6 |
| 2020-08-31 | CVE-2020-7525 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Spacelynk Firmware and Wiser FOR KNX Firmware Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. | 5.0 |
| 2020-08-31 | CVE-2020-7524 | Out-of-bounds Write vulnerability in Schneider-Electric Modicon M218 Firmware 4.3/5.0.0.7 Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. | 5.0 |
| 2020-08-31 | CVE-2020-7523 | Improper Privilege Management vulnerability in Schneider-Electric Modbus Driver Suite and Modbus Serial Driver Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. | 4.4 |
| 2020-08-31 | CVE-2020-7522 | Path Traversal vulnerability in Schneider-Electric APC Easy UPS Online Software 2.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | 7.5 |
| 2020-08-31 | CVE-2020-7521 | Path Traversal vulnerability in Schneider-Electric APC Easy UPS Online Software 2.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. | 7.5 |
| 2020-07-23 | CVE-2020-7520 | Open Redirect vulnerability in Schneider-Electric Software Update Utility A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. | 4.0 |
| 2020-07-23 | CVE-2020-7519 | Weak Password Requirements vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. | 5.0 |
| 2020-07-23 | CVE-2020-7518 | Improper Input Validation vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. | 5.0 |
| 2020-07-23 | CVE-2020-7517 | Cleartext Storage of Sensitive Information vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. | 2.1 |