Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2018-03-09 CVE-2018-7229 Use of Hard-coded Credentials vulnerability in Schneider-Electric products
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.
network
low complexity
schneider-electric CWE-798
critical
9.8
2018-03-09 CVE-2018-7228 Improper Authentication vulnerability in Schneider-Electric products
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.
network
low complexity
schneider-electric CWE-287
critical
9.8
2018-03-09 CVE-2018-7227 Improper Authentication vulnerability in Schneider-Electric products
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.
network
low complexity
schneider-electric CWE-287
5.3
2018-02-12 CVE-2017-9970 Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric Struxureon Gateway 1.1.3
A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior.
network
low complexity
schneider-electric CWE-434
7.2
2018-02-12 CVE-2017-9969 Insufficiently Protected Credentials vulnerability in Schneider-Electric Igss Mobile 3.01
An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior.
local
low complexity
schneider-electric CWE-522
6.7
2018-02-12 CVE-2017-9968 Improper Certificate Validation vulnerability in Schneider-Electric Igss Mobile 3.01
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.
network
high complexity
schneider-electric CWE-295
5.9
2018-02-12 CVE-2017-9967 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/12.0/9.0
A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior.
local
low complexity
schneider-electric
7.8
2018-02-12 CVE-2017-9963 Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Powerscada Anywhere 1.0
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests.
network
low complexity
schneider-electric CWE-352
8.1
2018-01-18 CVE-2018-2678 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). 4.3
2018-01-18 CVE-2018-2677 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). 4.3