Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-29 | CVE-2018-7792 | Missing Authorization vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 7.5 |
| 2018-08-29 | CVE-2018-7791 | Improper Authentication vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 9.8 |
| 2018-08-29 | CVE-2018-7790 | Authentication Bypass by Capture-replay vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 9.8 |
| 2018-08-29 | CVE-2018-7795 | Cross-site Scripting vulnerability in Schneider-Electric Powerlogic Pm5560 Firmware 1.0 A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. | 6.1 |
| 2018-08-29 | CVE-2018-7789 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 7.5 |
| 2018-07-10 | CVE-2018-3693 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | 5.6 |
| 2018-07-03 | CVE-2018-7787 | Improper Input Validation vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. | 5.3 |
| 2018-07-03 | CVE-2018-7786 | Cross-site Scripting vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. | 6.1 |
| 2018-07-03 | CVE-2018-7785 | Command Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | 9.8 |
| 2018-07-03 | CVE-2018-7784 | Improper Input Validation vulnerability in Schneider-Electric U.Motion In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. | 9.8 |