Vulnerabilities > Schneider Electric > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR / COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2018-04-18 | CVE-2018-7241 | Use of Hard-coded Credentials vulnerability in Schneider-Electric products | Hard-coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. | network, low complexity | schneider-electric CWE-798 | critical 9.8 |
| 2018-02-12 | CVE-2017-9970 | Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric StruxureOn Gateway 1.1.3 | A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. | network, low complexity | schneider-electric CWE-434 | critical 9.0 |
| 2017-11-13 | CVE-2017-14024 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware InduSoft Web Studio and Wonderware InTouch | A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. | network, low complexity | schneider-electric CWE-119 | critical 10.0 |
| 2017-10-03 | CVE-2017-13997 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Wonderware InduSoft Web Studio and Wonderware InTouch | A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. | network, low complexity | schneider-electric CWE-306 | critical 10.0 |
| 2017-07-07 | CVE-2017-9629 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware ArchestrA Logger 2017.426.2307.1 | A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. | network, low complexity | schneider-electric CWE-119 | critical 9.8 |
| 2017-04-11 | CVE-2017-7689 | Command Injection vulnerability in Schneider-Electric homeLYnk Controller LSS100100 Firmware 1.3.0 | A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | network, low complexity | schneider-electric CWE-77 | critical 10.0 |
| 2017-03-08 | CVE-2017-5178 | Insecure Default Initialization of Resource vulnerability in Schneider-Electric products | An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. | network, low complexity | schneider-electric CWE-1188 | critical 10.0 |
| 2016-07-15 | CVE-2016-4520 | Unspecified vulnerability in Schneider-Electric Pelco Digital Sentry Video Management System Firmware | Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors. | network, low complexity | schneider-electric | critical 10.0 |
| 2016-03-02 | CVE-2016-2278 | Improper Access Control vulnerability in Schneider-Electric products | Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. | network, low complexity | schneider-electric CWE-284 | critical 9.0 |
| 2015-01-27 | CVE-2014-9198 | Credentials Management vulnerability in Schneider-Electric products | The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. | network, low complexity | schneider-electric CWE-255 | critical 10.0 |