Vulnerabilities > Schneider Electric > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2017-10-03 | CVE-2017-13997 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Wonderware Indusoft web Studio and Wonderware Intouch | A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. | network; low complexity; schneider-electric CWE-306; critical; 9.8 |
| 2017-09-26 | CVE-2017-9957 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. | network; low complexity; schneider-electric CWE-798; critical; 9.8 |
| 2017-09-26 | CVE-2017-7974 | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 | A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | network; low complexity; schneider-electric CWE-22; critical; 9.8 |
| 2017-09-26 | CVE-2017-7973 | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | network; low complexity; schneider-electric CWE-89; critical; 9.8 |
| 2017-07-07 | CVE-2017-9629 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware Archestra Logger 2017.426.2307.1 | A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. | network; low complexity; schneider-electric CWE-119; critical; 9.8 |
| 2017-06-30 | CVE-2017-6034 | Improper Authentication vulnerability in Schneider-Electric Modbus Firmware | An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. | network; low complexity; schneider-electric CWE-287; critical; 9.8 |
| 2017-06-30 | CVE-2017-6028 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware | An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. | network; low complexity; schneider-electric CWE-522; critical; 9.8 |
| 2017-06-30 | CVE-2017-6026 | Use of Insufficiently Random Values vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware | A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. | network; low complexity; schneider-electric CWE-330; critical; 9.1 |
| 2017-04-11 | CVE-2017-7689 | Command Injection vulnerability in Schneider-Electric Homelynk Controller Lss100100 Firmware 1.3.0 | A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | network; low complexity; schneider-electric CWE-77; critical; 9.8 |
| 2017-04-06 | CVE-2017-7575 | Information Exposure vulnerability in Schneider-Electric Modicon Tm221Ce16R Firmware 1.3.3.3 | Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). | network; low complexity; schneider-electric CWE-200; critical; 9.8 |