Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK

2014-12-27 CVE-2014-8514 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider Electric Proclima
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188.
Risk: network, low complexity, schneider-electric CWE-119, 7.5

2014-12-27 CVE-2014-8513 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider Electric Proclima
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188.
Risk: network, low complexity, schneider-electric CWE-119, 7.5

2014-12-27 CVE-2014-8512 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider Electric Proclima
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511.
Risk: network, low complexity, schneider-electric CWE-119, 7.5

2014-12-27 CVE-2014-8511 Buffer Errors vulnerability in Schneider-Electric Proclima 6.0.1
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512.
Risk: network, low complexity, schneider-electric CWE-119, critical, 10.0

2014-10-03 CVE-2014-0754 Path Traversal vulnerability in Schneider-Electric products
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
Risk: network, low complexity, schneider-electric CWE-22, critical, 10.0

2014-09-18 CVE-2014-5413 Cryptographic Issues vulnerability in multiple products
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.
Risk: network, low complexity, aveva schneider-electric CWE-310, 5.0

2014-09-18 CVE-2014-5412 Permissions, Privileges, and Access Controls vulnerability in multiple products
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
Risk: network, low complexity, aveva schneider-electric CWE-264, 5.0

2014-09-18 CVE-2014-5411 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Risk: 3.5

2014-09-15 CVE-2014-5407 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric Vampset
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.
Risk: 4.4

2014-04-04 CVE-2014-0789 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric products
Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.
Risk: network, low complexity, schneider-electric CWE-119, 7.8