Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-24316 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. | 7.5 |
| 2022-02-09 | CVE-2022-24317 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. | 7.5 |
| 2022-02-09 | CVE-2022-24318 | Inadequate Encryption Strength vulnerability in Schneider-Electric products A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. | 7.5 |
| 2022-02-09 | CVE-2022-24321 | Unspecified vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. | 7.5 |
| 2022-02-04 | CVE-2020-7534 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. | 8.8 |
| 2022-02-04 | CVE-2022-22722 | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. high complexity schneider-electric | 7.5 |
| 2022-02-04 | CVE-2022-22723 | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. low complexity schneider-electric | 8.8 |
| 2022-02-04 | CVE-2022-22724 | Unspecified vulnerability in Schneider-Electric products A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. | 7.5 |
| 2022-02-04 | CVE-2022-22725 | Unspecified vulnerability in Schneider-Electric Easergy P3 Firmware A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. low complexity schneider-electric | 8.8 |
| 2022-02-04 | CVE-2022-22727 | Unspecified vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user?s local machine when the user clicks a specially crafted link. | 8.8 |