Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2018-12-24 CVE-2018-7801 Code Injection vulnerability in Schneider-Electric Evlink Parking Firmware 3.1.133/3.2.012
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.
network
low complexity
schneider-electric CWE-94
8.8
2018-12-24 CVE-2018-7800 Use of Hard-coded Credentials vulnerability in Schneider-Electric Evlink Parking Firmware 3.1.133/3.2.012
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.
network
low complexity
schneider-electric CWE-798
critical
9.8
2018-12-24 CVE-2018-7796 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Powersuite 2
A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability.
network
low complexity
schneider-electric CWE-119
6.3
2018-12-24 CVE-2018-7793 Unspecified vulnerability in Schneider-Electric products
A Credential Management vulnerability exists in FoxView HMI SCADA (all Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.
local
low complexity
schneider-electric
8.7
2018-12-17 CVE-2018-7833 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable.
network
low complexity
schneider-electric CWE-754
7.5
2018-12-17 CVE-2018-7812 Information Exposure vulnerability in Schneider-Electric products
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
network
low complexity
schneider-electric CWE-200
7.5
2018-12-17 CVE-2018-7804 Open Redirect vulnerability in Schneider-Electric products
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.
network
low complexity
schneider-electric CWE-601
6.1
2018-12-17 CVE-2018-7797 Open Redirect vulnerability in Schneider-Electric products
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
network
low complexity
schneider-electric CWE-601
6.1
2018-11-30 CVE-2018-7831 Cross-site Scripting vulnerability in Schneider-Electric products
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.
network
low complexity
schneider-electric CWE-79
8.8
2018-11-30 CVE-2018-7830 HTTP Response Splitting vulnerability in Schneider-Electric products
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.
network
low complexity
schneider-electric CWE-113
7.5