Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-19 | CVE-2020-7569 | Unspecified vulnerability in Schneider-Electric Webreports 1.9/3.1 A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution. | 8.8 |
| 2020-11-19 | CVE-2020-7568 | Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. low complexity schneider-electric | 4.3 |
| 2020-11-19 | CVE-2020-7567 | Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys. low complexity schneider-electric | 5.7 |
| 2020-11-19 | CVE-2020-7566 | Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. low complexity schneider-electric | 7.3 |
| 2020-11-19 | CVE-2020-7565 | Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. low complexity schneider-electric | 7.3 |
| 2020-11-19 | CVE-2020-7561 | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7 A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | 9.8 |
| 2020-11-19 | CVE-2020-7559 | Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | 7.5 |
| 2020-11-19 | CVE-2020-7558 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 7.8 |
| 2020-11-19 | CVE-2020-7557 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 7.8 |
| 2020-11-19 | CVE-2020-7556 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 7.8 |