Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-09 | CVE-2018-7229 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products. A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because of the use of hardcoded credentials. | 9.8 |
2018-03-09 | CVE-2018-7228 | Improper Authentication vulnerability in Schneider-Electric products. A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges. | 9.8 |
2018-03-09 | CVE-2018-7227 | Improper Authentication vulnerability in Schneider-Electric products. A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieval, without authentication, of specially crafted URLs that can reveal sensitive information to an attacker. | 5.3 |
2018-02-12 | CVE-2017-9970 | Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric StruxureOn Gateway 1.1.3. A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. | 7.2 |
2018-02-12 | CVE-2017-9969 | Insufficiently Protected Credentials vulnerability in Schneider-Electric IGSS Mobile 3.01. An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. | 6.7 |
2018-02-12 | CVE-2017-9968 | Improper Certificate Validation vulnerability in Schneider-Electric IGSS Mobile 3.01. A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during TLS/SSL connection establishment can result in a man-in-the-middle attack. | 5.9 |
2018-02-12 | CVE-2017-9967 | Unspecified vulnerability in Schneider-Electric Interactive Graphical SCADA System 10.0/12.0/9.0. A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. | 7.8 |
2018-02-12 | CVE-2017-9963 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric PowerSCADA Anywhere 1.0. A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. | 8.1 |
2018-01-18 | CVE-2018-2678 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 4.3 |
2018-01-18 | CVE-2018-2677 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). | 4.3 |