Vulnerabilities > Schneider Electric > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-09 | CVE-2022-24317 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server. A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. | 7.5 |
2022-02-09 | CVE-2022-24318 | Inadequate Encryption Strength vulnerability in Schneider-Electric products. A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. | 7.5 |
2022-02-09 | CVE-2022-24321 | Unspecified vulnerability in Schneider-Electric products. A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. | 7.5 |
2022-02-04 | CVE-2020-7534 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products. A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. | 8.8 |
2022-02-04 | CVE-2022-22722 | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware. A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. (Tags: high complexity, schneider-electric) | 7.5 |
2022-02-04 | CVE-2022-22723 | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware. A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. (Tags: low complexity, schneider-electric) | 8.8 |
2022-02-04 | CVE-2022-22724 | Unspecified vulnerability in Schneider-Electric products. A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. | 7.5 |
2022-02-04 | CVE-2022-22725 | Unspecified vulnerability in Schneider-Electric Easergy P3 Firmware. A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. (Tags: low complexity, schneider-electric) | 8.8 |
2022-02-04 | CVE-2022-22727 | Unspecified vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert. A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's local machine when the user clicks a specially crafted link. | 8.8 |
2022-01-28 | CVE-2021-22724 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products. A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. | 8.8 |