Vulnerabilities > Schneider Electric > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-03 | CVE-2021-30064 | Use of Hard-coded Credentials vulnerability in multiple products On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state). | 9.8 |
| 2022-03-18 | CVE-2020-25176 | Path Traversal vulnerability in multiple products Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. | 9.8 |
| 2022-03-09 | CVE-2022-0715 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. | 9.1 |
| 2022-03-09 | CVE-2022-22805 | Unspecified vulnerability in Schneider-Electric products A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. | 9.8 |
| 2022-03-09 | CVE-2022-22806 | Unspecified vulnerability in Schneider-Electric products A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. | 9.8 |
| 2022-02-11 | CVE-2021-22801 | Unspecified vulnerability in Schneider-Electric Connexium Network Manager A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. | 9.8 |
| 2022-02-11 | CVE-2021-22802 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. | 9.8 |
| 2022-02-11 | CVE-2021-22803 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. | 9.8 |
| 2022-02-11 | CVE-2021-22805 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. | 9.1 |
| 2022-02-11 | CVE-2021-22823 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. | 9.1 |