Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-03-29 | CVE-2015-0998 | Information Exposure vulnerability in multiple products Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 3.3 |
| 2015-03-29 | CVE-2015-0997 | Information Exposure vulnerability in multiple products Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. | 5.0 |
| 2015-03-29 | CVE-2015-0996 | Information Exposure vulnerability in multiple products Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. | 2.1 |
| 2015-03-14 | CVE-2015-0982 | Classic Buffer Overflow vulnerability in Schneider-Electric Pelco Ds-Nv Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
| 2015-03-14 | CVE-2014-9206 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Device Type Manager 3.1.6 Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file. | 6.9 |
| 2015-02-01 | CVE-2014-9200 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
| 2015-01-27 | CVE-2014-9198 | Credentials Management vulnerability in Schneider-Electric products The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. | 10.0 |
| 2015-01-27 | CVE-2014-9197 | Improper Access Control vulnerability in Schneider-Electric products The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. | 7.8 |
| 2015-01-10 | CVE-2014-9190 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware Intouch Access Anywhere Server 10.6/11.0 Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. | 10.0 |
| 2014-12-27 | CVE-2014-9188 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider Electric Proclima Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. | 9.0 |