Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2015-6462 Cross-site Scripting vulnerability in Schneider-Electric products
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
network
low complexity
schneider-electric CWE-79
5.4
2019-03-21 CVE-2015-6461 Improper Input Validation vulnerability in Schneider-Electric products
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via JavaScript loaded with the web page.
network
low complexity
schneider-electric CWE-20
5.4
2019-02-06 CVE-2018-7839 Cryptographic Issues vulnerability in Schneider-Electric Iiot Monitor 3.1.38
A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.
local
low complexity
schneider-electric CWE-310
2.1
2019-02-06 CVE-2018-7817 Use After Free vulnerability in Schneider-Electric Zelio Soft 2 4.6/5.0/5.1
A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file.
6.8
2019-02-06 CVE-2018-7815 Incorrect Type Conversion or Cast vulnerability in Schneider-Electric Guicon 2.0
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file.
6.8
2019-02-06 CVE-2018-7814 Out-of-bounds Write vulnerability in Schneider-Electric Guicon 2.0
A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file.
6.8
2019-02-06 CVE-2018-7813 Incorrect Type Conversion or Cast vulnerability in Schneider-Electric Guicon 2.0
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file.
6.8
2018-12-24 CVE-2018-7837 XXE vulnerability in Schneider-Electric Iiot Monitor 3.1.38
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
network
low complexity
schneider-electric CWE-611
5.0
2018-12-24 CVE-2018-7836 Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric Iiot Monitor 3.1.38
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.
network
low complexity
schneider-electric CWE-434
7.5
2018-12-24 CVE-2018-7835 Path Traversal vulnerability in Schneider-Electric Iiot Monitor 3.1.38
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
network
low complexity
schneider-electric CWE-22
7.8