Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2023-04-18 CVE-2023-29411 Missing Authentication for Critical Function vulnerability in Schneider-Electric products
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.
network
low complexity
schneider-electric CWE-306
critical
9.8
2023-04-18 CVE-2023-29412 OS Command Injection vulnerability in Schneider-Electric products
A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
network
low complexity
schneider-electric CWE-78
critical
9.8
2023-04-18 CVE-2023-29413 Missing Authentication for Critical Function vulnerability in Schneider-Electric products
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.
network
low complexity
schneider-electric CWE-306
7.5
2023-04-18 CVE-2022-34755 Uncontrolled Search Path Element vulnerability in Schneider-Electric Easergy Builder Installer
A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user.
local
high complexity
schneider-electric CWE-427
6.7
2023-04-18 CVE-2022-43376 Cross-site Scripting vulnerability in Schneider-Electric products
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
network
low complexity
schneider-electric CWE-79
6.1
2023-04-18 CVE-2022-43377 Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)
network
low complexity
schneider-electric CWE-307
7.5
2023-04-18 CVE-2023-25556 Improper Authentication vulnerability in Schneider-Electric products
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.
low complexity
schneider-electric CWE-287
8.8
2023-04-18 CVE-2023-1548 Improper Privilege Management vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert.
local
low complexity
schneider-electric CWE-269
5.5
2023-04-18 CVE-2023-27976 Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints.
network
low complexity
schneider-electric CWE-668
8.8
2023-03-21 CVE-2023-27979 Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port.
network
low complexity
schneider-electric CWE-345
6.5