Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-26 | CVE-2017-7970 | Unspecified vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. low complexity schneider-electric | 6.5 |
| 2017-09-26 | CVE-2017-7969 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. | 8.8 |
| 2017-07-07 | CVE-2017-9631 | NULL Pointer Dereference vulnerability in Schneider-Electric Wonderware Archestra Logger 2017.426.2307.1 A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. | 7.5 |
| 2017-07-07 | CVE-2017-9629 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware Archestra Logger 2017.426.2307.1 A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. | 9.8 |
| 2017-07-07 | CVE-2017-9627 | Resource Exhaustion vulnerability in Schneider-Electric Wonderware Archestra Logger 2017.426.2307.1 An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. | 8.6 |
| 2017-06-30 | CVE-2017-6034 | Improper Authentication vulnerability in Schneider-Electric Modbus Firmware An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. | 9.8 |
| 2017-06-30 | CVE-2017-6032 | Improperly Implemented Security Check for Standard vulnerability in Schneider-Electric Modbus Firmware A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. | 5.3 |
| 2017-06-30 | CVE-2017-6030 | Insufficient Entropy vulnerability in Schneider-Electric products A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. | 6.5 |
| 2017-06-30 | CVE-2017-6028 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. | 9.8 |
| 2017-06-30 | CVE-2017-6026 | Use of Insufficiently Random Values vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. | 9.1 |