Vulnerabilities > Schneider Electric > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-30 | CVE-2022-32528 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System. A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 9.1 |
2023-01-30 | CVE-2022-32529 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System. A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. | 9.8 |
2023-01-30 | CVE-2022-45788 | Unspecified vulnerability in Schneider-Electric products. A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. | 9.8 |
2022-09-12 | CVE-2022-37300 | Unspecified vulnerability in Schneider-Electric products. A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. | 9.8 |
2022-07-13 | CVE-2022-34756 | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102. A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or a crash of the HTTPS stack used for the device Web HMI. | 9.8 |
2022-06-02 | CVE-2022-30234 | Unspecified vulnerability in Schneider-Electric products. A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. | 9.8 |
2022-06-02 | CVE-2022-30235 | Unspecified vulnerability in Schneider-Electric products. A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. | 9.8 |
2022-04-14 | CVE-2022-26507 | Out-of-bounds Write vulnerability in multiple products. A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. | 9.8 |
2022-04-13 | CVE-2021-22794 | Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert. A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. | 9.8 |
2022-04-13 | CVE-2021-22795 | Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert. A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. | 9.8 |