Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-18 | CVE-2018-7758 | Insufficient Session Expiration vulnerability in Schneider-Electric products A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number. | 6.5 |
| 2018-04-18 | CVE-2018-7246 | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. | 9.8 |
| 2018-04-18 | CVE-2018-7245 | Incorrect Authorization vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. | 9.1 |
| 2018-04-18 | CVE-2018-7244 | Information Exposure vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. | 5.3 |
| 2018-04-18 | CVE-2018-7243 | Unspecified vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. | 9.8 |
| 2018-04-18 | CVE-2018-7242 | Inadequate Encryption Strength vulnerability in Schneider-Electric products Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. | 9.8 |
| 2018-04-18 | CVE-2018-7241 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. | 9.8 |
| 2018-04-18 | CVE-2018-7240 | Out-of-bounds Write vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. | 8.8 |
| 2018-03-09 | CVE-2018-7239 | Untrusted Search Path vulnerability in Schneider-Electric products A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. | 7.8 |
| 2018-03-09 | CVE-2018-7238 | Classic Buffer Overflow vulnerability in Schneider-Electric products A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code. | 9.8 |