Vulnerabilities > Schneider Electric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-30 | CVE-2022-22732 | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric Ecostruxure Power Commission. A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. | 7.5 |
2023-01-30 | CVE-2022-32512 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Canbrass. A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. | 7.8 |
2023-01-30 | CVE-2022-32513 | Weak Password Requirements vulnerability in Schneider-Electric products. A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. | 9.8 |
2023-01-30 | CVE-2022-32514 | Improper Authentication vulnerability in Schneider-Electric products. A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. | 9.8 |
2023-01-30 | CVE-2022-32515 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Conext Combox Firmware. A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. | 9.8 |
2023-01-30 | CVE-2022-32516 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Conext Combox Firmware. A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). | 6.5 |
2023-01-30 | CVE-2022-32517 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Schneider-Electric Conext Combox Firmware. A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. | 6.5 |
2023-01-30 | CVE-2022-32518 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Data Center Expert. A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. | 9.8 |
2023-01-30 | CVE-2022-32519 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Data Center Expert. A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. | 9.8 |
2023-01-30 | CVE-2022-32520 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Data Center Expert. A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. | 9.8 |