Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2020-08-31 CVE-2020-7524 Out-of-bounds Write vulnerability in Schneider-Electric Modicon M218 Firmware 4.3/5.0.0.7
An Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when a specific crafted IPv4 packet is sent to the controller: Sending a specific IPv4 protocol packet to the Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down.
network
low complexity
schneider-electric CWE-787
7.5
2020-08-31 CVE-2020-7523 Improper Privilege Management vulnerability in Schneider-Electric Modbus Driver Suite and Modbus Serial Driver
An Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked.
local
high complexity
schneider-electric CWE-269
7.8
2020-08-31 CVE-2020-7522 Path Traversal vulnerability in Schneider-Electric APC Easy UPS Online Software 2.0
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories.
network
low complexity
schneider-electric CWE-22
critical
9.8
2020-08-31 CVE-2020-7521 Path Traversal vulnerability in Schneider-Electric APC Easy UPS Online Software 2.0
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.
network
low complexity
schneider-electric CWE-22
critical
9.8
2020-07-23 CVE-2020-7520 Open Redirect vulnerability in Schneider-Electric Software Update Utility
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine.
network
high complexity
schneider-electric CWE-601
4.7
2020-07-23 CVE-2020-7519 Weak Password Requirements vulnerability in Schneider-Electric Easergy Builder 1.4.7.2
A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.
network
low complexity
schneider-electric CWE-521
7.5
2020-07-23 CVE-2020-7518 Improper Input Validation vulnerability in Schneider-Electric Easergy Builder 1.4.7.2
A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.
network
low complexity
schneider-electric CWE-20
7.5
2020-07-23 CVE-2020-7517 Cleartext Storage of Sensitive Information vulnerability in Schneider-Electric Easergy Builder 1.4.7.2
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.
local
low complexity
schneider-electric CWE-312
5.5
2020-07-23 CVE-2020-7516 Cleartext Storage of Sensitive Information vulnerability in Schneider-Electric Easergy Builder 1.4.7.2
A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.
local
low complexity
schneider-electric CWE-312
7.8
2020-07-23 CVE-2020-7515 Use of Hard-coded Credentials vulnerability in Schneider-Electric Easergy Builder 1.4.7.2
A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.
local
low complexity
schneider-electric CWE-798
7.8