Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-22 | CVE-2020-7487 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric products: A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. | 9.8 |
2020-04-22 | CVE-2019-6859 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products: A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network. | 7.5 |
2020-04-16 | CVE-2020-7486 | Resource Exhaustion vulnerability in Schneider-Electric products: **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. | 7.5 |
2020-04-16 | CVE-2020-7485 | Unspecified vulnerability in Schneider-Electric Tristation 1131: **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. | 9.8 |
2020-04-16 | CVE-2020-7484 | Unspecified vulnerability in Schneider-Electric Tristation 1131: **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. | 7.5 |
2020-04-16 | CVE-2020-7483 | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric Tristation 1131: **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. | 7.5 |
2020-03-23 | CVE-2020-7482 | Cross-site Scripting vulnerability in Schneider-Electric products: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server. | 6.1 |
2020-03-23 | CVE-2020-7481 | Cross-site Scripting vulnerability in Schneider-Electric products: A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server. | 6.1 |
2020-03-23 | CVE-2020-7480 | Code Injection vulnerability in Schneider-Electric products: A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. | 9.8 |
2020-03-23 | CVE-2020-7479 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System 14.0/14.0.0.19120: A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service. | 7.8 |