Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2017-02-13 CVE-2016-8352 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Connexium Firmware
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions.
network, low complexity, schneider-electric CWE-119, 7.5
2017-02-13 CVE-2016-5818 Use of Hard-coded Credentials vulnerability in Schneider-Electric Powerlogic Pm8Ecc Firmware 2.651
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older.
network, low complexity, schneider-electric CWE-798, 7.5
2017-02-13 CVE-2016-5815 Improper Access Control vulnerability in Schneider-Electric products
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series.
network, low complexity, schneider-electric CWE-284, 7.5
2017-02-13 CVE-2016-5809 Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series.
6.8
2016-07-15 CVE-2016-4529 Unspecified vulnerability in Schneider-Electric Somachine Hvac Firmware 2.0.2
An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
network, low complexity, schneider-electric, 7.5
2016-07-15 CVE-2016-4520 Unspecified vulnerability in Schneider-Electric Pelco Digital Sentry Video Management System Firmware
Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.
network, low complexity, schneider-electric, critical, 10.0
2016-06-26 CVE-2016-4513 Cross-site Scripting vulnerability in Schneider-Electric Powerlogic Pm8Ecc Firmware
Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2016-04-06 CVE-2016-2292 Out-of-bounds Write vulnerability in Schneider-Electric products
Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.
4.3
2016-04-06 CVE-2016-2291 Out-of-bounds Read vulnerability in Schneider-Electric products
Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
4.3
2016-04-06 CVE-2016-2290 Out-of-bounds Write vulnerability in Schneider-Electric products
Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.
6.8