Vulnerabilities > Schneider Electric > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-01-10 CVE-2014-9190 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Wonderware InTouch Access Anywhere Server 10.6/11.0
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.
network
low complexity
schneider-electric CWE-119
critical
10.0
2014-12-27 CVE-2014-8511 Buffer Errors vulnerability in Schneider-Electric ProClima 6.0.1
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512.
network
low complexity
schneider-electric CWE-119
critical
10.0
2014-12-27 CVE-2014-9188 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider Electric ProClima
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514.
network
low complexity
schneider-electric CWE-119
critical
9.0
2014-10-03 CVE-2014-0754 Path Traversal vulnerability in Schneider-Electric products
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
network
low complexity
schneider-electric CWE-22
critical
10.0
2014-04-01 CVE-2013-0662 Out-of-bounds Write vulnerability in Schneider-Electric products
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
network
schneider-electric CWE-787
critical
9.3
2013-08-28 CVE-2013-2782 Cryptographic Issues vulnerability in Schneider-Electric Tburjr900 and Tburjr900 Firmware
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
network
schneider-electric CWE-310
critical
9.3
2013-04-19 CVE-2013-3075 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.
network
low complexity
mitsubishi-automation schneider-electric CWE-119
critical
10.0
2013-04-04 CVE-2013-2762 Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Magelis XBT HMI
The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data.
network
low complexity
schneider-electric CWE-352
critical
10.0
2013-02-15 CVE-2013-0658 Buffer Errors vulnerability in Schneider-Electric Accutech Manager 2.00.1
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.
network
low complexity
schneider-electric CWE-119
critical
10.0
2013-01-21 CVE-2013-0655 Improper Input Validation vulnerability in Schneider-Electric Software Update Utility 1.0/1.0.13/1.1
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.
network
schneider-electric CWE-20
critical
9.3