Vulnerabilities > Schneider Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-30 | CVE-2022-32521 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Data Center Expert A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. | 9.8 |
| 2023-01-30 | CVE-2022-32522 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. | 9.8 |
| 2023-01-30 | CVE-2022-32523 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. | 9.8 |
| 2023-01-30 | CVE-2022-32524 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. | 9.8 |
| 2023-01-30 | CVE-2022-32525 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. | 9.8 |
| 2023-01-30 | CVE-2022-32526 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. | 9.8 |
| 2023-01-30 | CVE-2022-32527 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. | 9.8 |
| 2023-01-30 | CVE-2022-32528 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 9.1 |
| 2023-01-30 | CVE-2022-32529 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. | 9.8 |
| 2023-01-30 | CVE-2022-32747 | Authentication Bypass by Spoofing vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. | 7.1 |