Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-26 | CVE-2013-2824 | Unspecified vulnerability in Schneider-Electric products Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet. | 7.8 |
| 2014-01-31 | CVE-2013-6143 | Improper Input Validation vulnerability in Schneider-Electric Telvent Sage 3030 Firmware C3413500001D3P4/C3413500001F0Pb The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic. | 5.0 |
| 2013-08-28 | CVE-2013-2782 | Cryptographic Issues vulnerability in Schneider-Electric Tburjr900 and Tburjr900 Firmware Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 9.3 |
| 2013-08-09 | CVE-2013-2796 | Permissions, Privileges, and Access Controls vulnerability in Schneider-Electric Citectscada, Powerlogic Scada and Vijeo Citect Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 6.9 |
| 2013-04-19 | CVE-2013-3075 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. | 10.0 |
| 2013-04-18 | CVE-2013-0687 | Permissions, Privileges, and Access Controls vulnerability in Schneider-Electric Micom S1 Studio The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. | 6.6 |
| 2013-04-04 | CVE-2013-2762 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Magelis XBT HMI The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | 10.0 |
| 2013-04-04 | CVE-2013-2761 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric Modicon M340 Bmxnoe01Xx/Bmxp3420Xx The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. | 4.0 |
| 2013-04-04 | CVE-2013-0664 | Unspecified vulnerability in Schneider-Electric Modicon M340, Modicon Premium and Modicon Quantum PLC The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. network schneider-electric | 8.5 |
| 2013-04-04 | CVE-2013-0663 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Modicon M340, Modicon Premium and Modicon Quantum PLC Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. | 6.8 |