Vulnerabilities > Schneider Electric > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2018-7847 Improper Authentication vulnerability in Schneider-Electric products
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.
network
low complexity
schneider-electric CWE-287
critical
9.8
2019-05-22 CVE-2018-7846 Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric products
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
network
low complexity
schneider-electric CWE-668
critical
9.8
2019-05-22 CVE-2018-7842 Authentication Bypass by Spoofing vulnerability in Schneider-Electric products
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.
network
low complexity
schneider-electric CWE-290
critical
9.8
2019-05-22 CVE-2018-7841 SQL Injection vulnerability in Schneider-Electric U.motion Builder 1.3.4
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
network
low complexity
schneider-electric CWE-89
critical
9.8
2018-12-24 CVE-2018-7836 Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric IIoT Monitor 3.1.38
An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.
network
low complexity
schneider-electric CWE-434
critical
9.8
2018-12-24 CVE-2018-7800 Use of Hard-coded Credentials vulnerability in Schneider-Electric EVLink Parking Firmware 3.1.133/3.2.012
A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.
network
low complexity
schneider-electric CWE-798
critical
9.8
2018-11-30 CVE-2018-7811 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server.
network
low complexity
schneider-electric CWE-640
critical
9.8
2018-11-30 CVE-2018-7809 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Schneider-Electric products
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.
network
low complexity
schneider-electric CWE-640
critical
9.8
2018-08-29 CVE-2018-7791 Improper Authentication vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0).
network
low complexity
schneider-electric CWE-287
critical
9.8
2018-08-29 CVE-2018-7790 Authentication Bypass by Capture-replay vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0).
network
low complexity
schneider-electric CWE-294
critical
9.8