Vulnerabilities > Schneider Electric

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-06-07 | CVE-2017-7966 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Somachine 2.1.0 | A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. | network | low complexity | schneider-electric | CWE-427 | 8.8 |
| 2017-06-07 | CVE-2017-7965 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Somachine Hvac 2.1.0 | A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. | local | low complexity | schneider-electric | CWE-119 | 7.3 |
| 2017-05-19 | CVE-2017-7968 | Incorrect Default Permissions vulnerability in Schneider-Electric Wonderware Indusoft web Studio 6.1/7.1/8.0 | An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. | local | low complexity | schneider-electric | CWE-276 | 7.8 |
| 2017-05-19 | CVE-2017-7907 | XXE vulnerability in Schneider-Electric Wonderware Historian Client 2014R2 | An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. | local | low complexity | schneider-electric | CWE-611 | 6.6 |
| 2017-05-09 | CVE-2017-7967 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Vampset 2.2.145 | All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. | local | low complexity | schneider-electric | CWE-119 | 5.5 |
| 2017-04-30 | CVE-2017-8371 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Data Center Expert 7.3.1 | Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | network | low complexity | schneider-electric | CWE-522 | 6.8 |
| 2017-04-11 | CVE-2017-7689 | Command Injection vulnerability in Schneider-Electric Homelynk Controller Lss100100 Firmware 1.3.0 | A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | network | low complexity | schneider-electric | CWE-77 | critical 9.8 |
| 2017-04-07 | CVE-2017-6033 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/12.0/9.0 | A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. | local | low complexity | schneider-electric | CWE-427 | 7.8 |
| 2017-04-07 | CVE-2017-6019 | Resource Exhaustion vulnerability in Schneider-Electric Conext Combox 865-1058 Firmware 3.03 | An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. | network | low complexity | schneider-electric | CWE-400 | 7.5 |
| 2017-04-06 | CVE-2017-7575 | Information Exposure vulnerability in Schneider-Electric Modicon Tm221Ce16R Firmware 1.3.3.3 | Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). | network | low complexity | schneider-electric | CWE-200 | critical 9.8 |