Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-04 | CVE-2013-2761 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric Modicon M340 Bmxnoe01Xx/Bmxp3420Xx The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. | 4.0 |
| 2013-04-04 | CVE-2013-0664 | Unspecified vulnerability in Schneider-Electric Modicon M340, Modicon Premium and Modicon Quantum PLC The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. network schneider-electric | 8.5 |
| 2013-04-04 | CVE-2013-0663 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Modicon M340, Modicon Premium and Modicon Quantum PLC Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. | 6.8 |
| 2013-02-15 | CVE-2013-0658 | Buffer Errors vulnerability in Schneider-Electric Accutech Manager 2.00.1 Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. | 10.0 |
| 2013-01-21 | CVE-2013-0657 | Buffer Errors vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/9.0 Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol. | 10.0 |
| 2013-01-21 | CVE-2013-0655 | Improper Input Validation vulnerability in Schneider-Electric Software Update Utility 1.0/1.0.13/1.1 The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80. | 9.3 |
| 2012-05-22 | CVE-2012-1990 | Cross-Site Scripting vulnerability in Schneider-Electric Kerweb and Kerwin Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields. | 4.3 |
| 2012-01-28 | CVE-2012-0931 | Improper Authentication vulnerability in Schneider-Electric Modicon Quantum PLC Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | 7.5 |
| 2012-01-28 | CVE-2012-0930 | Cross-Site Scripting vulnerability in Schneider-Electric Modicon Quantum PLC Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-01-28 | CVE-2012-0929 | Buffer Errors vulnerability in Schneider-Electric Modicon Quantum PLC Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server. | 7.8 |