Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-29 | CVE-2018-7791 | Improper Authentication vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 7.5 |
| 2018-08-29 | CVE-2018-7790 | Authentication Bypass by Capture-replay vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 7.5 |
| 2018-08-29 | CVE-2018-7795 | Cross-site Scripting vulnerability in Schneider-Electric Powerlogic Pm5560 Firmware A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. | 4.3 |
| 2018-08-29 | CVE-2018-7789 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 7.8 |
| 2018-07-10 | CVE-2018-3693 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | 4.7 |
| 2018-07-03 | CVE-2018-7787 | Improper Input Validation vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. | 5.0 |
| 2018-07-03 | CVE-2018-7786 | Cross-site Scripting vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. | 4.3 |
| 2018-07-03 | CVE-2018-7785 | Command Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | 7.5 |
| 2018-07-03 | CVE-2018-7784 | Improper Input Validation vulnerability in Schneider-Electric U.Motion In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. | 7.5 |
| 2018-07-03 | CVE-2018-7783 | XXE vulnerability in Schneider-Electric Somachine Basic Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. | 5.0 |