Vulnerabilities > Schneider Electric > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-15 | CVE-2019-6824 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Proclima 6.0.1/6.1 A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. | 9.8 |
| 2019-07-15 | CVE-2019-6823 | Code Injection vulnerability in Schneider-Electric Proclima 6.0.1/6.1 A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0. | 9.8 |
| 2019-05-22 | CVE-2018-7829 | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Schneider-Electric products An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. | 9.0 |
| 2018-12-24 | CVE-2018-7800 | Use of Hard-coded Credentials vulnerability in Schneider-Electric Evlink Parking Firmware A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. | 10.0 |
| 2018-11-02 | CVE-2018-7799 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Software Update Utility 1.0/1.0.13/1.1 A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. | 9.3 |
| 2018-05-04 | CVE-2018-8872 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Triconex Tricon MP 3008 Firmware In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. | 9.3 |
| 2018-04-18 | CVE-2018-7761 | Improper Input Validation vulnerability in Schneider-Electric products A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. | 9.8 |
| 2018-04-18 | CVE-2018-7760 | Improper Authentication vulnerability in Schneider-Electric products An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. | 9.8 |
| 2018-04-18 | CVE-2018-7243 | Unspecified vulnerability in Schneider-Electric 66074 MGE Network Management Card Transverse An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. | 10.0 |
| 2018-04-18 | CVE-2018-7242 | Inadequate Encryption Strength vulnerability in Schneider-Electric products Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. | 9.8 |