Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2023-2161 XXE vulnerability in Schneider-Electric OPC Factory Server
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. 
local
low complexity
schneider-electric CWE-611
5.5
2023-04-19 CVE-2023-25620 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.
network
low complexity
schneider-electric CWE-754
6.5
2023-04-19 CVE-2023-25619 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
network
low complexity
schneider-electric CWE-754
7.5
2023-04-18 CVE-2023-28004 Improper Validation of Array Index vulnerability in Schneider-Electric Powerlogic Hdpm6000 Firmware
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.
network
low complexity
schneider-electric CWE-129
critical
9.8
2023-04-18 CVE-2023-29410 Improper Input Validation vulnerability in Schneider-Electric products
A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.
network
low complexity
schneider-electric CWE-20
8.8
2023-04-18 CVE-2023-28003 Insufficient Session Expiration vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
network
low complexity
schneider-electric CWE-613
8.8
2023-04-18 CVE-2022-43378 Improper Restriction of Rendered UI Layers or Frames vulnerability in Schneider-Electric products
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
network
low complexity
schneider-electric CWE-1021
6.5
2023-04-18 CVE-2023-25547 Incorrect Authorization vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account.
network
low complexity
schneider-electric CWE-863
8.8
2023-04-18 CVE-2023-25548 Incorrect Authorization vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user.
network
low complexity
schneider-electric CWE-863
6.5
2023-04-18 CVE-2023-25549 Code Injection vulnerability in Schneider-Electric Struxureware Data Center Expert
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint.
network
low complexity
schneider-electric CWE-94
critical
9.8