Vulnerabilities > Schneider Electric > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-04 | CVE-2023-5399 | Path Traversal vulnerability in Schneider-Electric Spacelogic C-Bus Toolkit A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command. | 9.8 |
2023-10-04 | CVE-2023-5391 | Deserialization of Untrusted Data vulnerability in Schneider-Electric products A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | 9.8 |
2023-10-04 | CVE-2023-5402 | Improper Privilege Management vulnerability in Schneider-Electric C-Bus Toolkit A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network. | 9.8 |
2023-05-22 | CVE-2022-46680 | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric products A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. | 9.8 |
2023-04-18 | CVE-2023-28004 | Improper Validation of Array Index vulnerability in Schneider-Electric Powerlogic Hdpm6000 Firmware A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. | 9.8 |
2023-04-18 | CVE-2023-29412 | OS Command Injection vulnerability in Schneider-Electric products A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. | 9.8 |
2023-04-18 | CVE-2023-29411 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface. | 9.8 |
2023-04-18 | CVE-2023-25550 | Code Injection vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | 9.8 |
2023-04-18 | CVE-2023-25549 | Code Injection vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. | 9.8 |
2023-02-01 | CVE-2022-42971 | Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric products A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. | 9.8 |