Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-24 | CVE-2023-0595 | Improper Output Neutralization for Logs vulnerability in Schneider-Electric products A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). | 5.3 |
| 2023-02-01 | CVE-2021-22786 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. | 7.5 |
| 2023-02-01 | CVE-2022-24324 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. | 9.8 |
| 2023-02-01 | CVE-2022-2329 | Integer Overflow or Wraparound vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. | 9.8 |
| 2023-02-01 | CVE-2022-42970 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 9.8 |
| 2023-02-01 | CVE-2022-42971 | Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric products A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. | 9.8 |
| 2023-02-01 | CVE-2022-42972 | Incorrect Permission Assignment for Critical Resource vulnerability in Schneider-Electric products A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. | 7.8 |
| 2023-02-01 | CVE-2022-42973 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. | 7.8 |
| 2023-02-01 | CVE-2022-4062 | Improper Authorization vulnerability in Schneider-Electric Ecostruxure Power Commission 2.22/2.25 A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. | 7.8 |
| 2023-01-31 | CVE-2023-22610 | Incorrect Authorization vulnerability in Schneider-Electric products A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. | 7.5 |