Vulnerabilities > Schneider Electric > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2022-42970 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | 9.8 |
| 2023-02-01 | CVE-2022-2329 | Integer Overflow or Wraparound vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. | 9.8 |
| 2023-02-01 | CVE-2022-24324 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. | 9.8 |
| 2023-01-31 | CVE-2022-45789 | Authentication Bypass by Capture-replay vulnerability in Schneider-Electric products A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. | 9.8 |
| 2023-01-30 | CVE-2022-32529 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. | 9.8 |
| 2023-01-30 | CVE-2022-32528 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 9.1 |
| 2023-01-30 | CVE-2022-32527 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. | 9.8 |
| 2023-01-30 | CVE-2022-32526 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. | 9.8 |
| 2023-01-30 | CVE-2022-32525 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. | 9.8 |
| 2023-01-30 | CVE-2022-32524 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. | 9.8 |