Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-02 | CVE-2016-2278 | Improper Access Control vulnerability in Schneider-Electric products Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. | 7.2 |
| 2012-01-28 | CVE-2012-0931 | Improper Authentication vulnerability in Schneider-Electric Modicon Quantum PLC Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | 9.8 |
| 2012-01-28 | CVE-2012-0930 | Cross-site Scripting vulnerability in Schneider-Electric Modicon Quantum PLC Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2012-01-28 | CVE-2012-0929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Modicon Quantum PLC Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server. | 7.5 |