Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-7528 | Unspecified vulnerability in Schneider-Electric Scadapack 7X Remote Connect 3.6.3.574 A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | 7.8 |
| 2020-08-31 | CVE-2020-7527 | Unspecified vulnerability in Schneider-Electric Somove Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. | 7.8 |
| 2020-08-31 | CVE-2020-7525 | Unspecified vulnerability in Schneider-Electric Spacelynk Firmware and Wiser for KNX Firmware Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. | 7.5 |
| 2020-08-31 | CVE-2020-7524 | Unspecified vulnerability in Schneider-Electric Modicon M218 Firmware 4.3/5.0.0.7 Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. | 7.5 |
| 2020-08-31 | CVE-2020-7523 | Unspecified vulnerability in Schneider-Electric Modbus Driver Suite and Modbus Serial Driver Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. | 7.8 |
| 2020-08-31 | CVE-2020-7522 | Unspecified vulnerability in Schneider-Electric APC Easy UPS Online Software 2.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | 9.8 |
| 2020-08-31 | CVE-2020-7521 | Unspecified vulnerability in Schneider-Electric APC Easy UPS Online Software 2.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. | 9.8 |
| 2020-07-23 | CVE-2020-7520 | Open Redirect vulnerability in Schneider-Electric Software Update Utility A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. | 4.7 |
| 2020-07-23 | CVE-2020-7519 | Weak Password Requirements vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. | 7.5 |
| 2020-07-23 | CVE-2020-7518 | Improper Input Validation vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. | 7.5 |