Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2021-22725 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. | 8.8 |
| 2022-01-28 | CVE-2021-22807 | Out-of-bounds Write vulnerability in Schneider-Electric Guicon 2.0 A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. | 7.8 |
| 2022-01-28 | CVE-2021-22808 | Use After Free vulnerability in Schneider-Electric Guicon 2.0 A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. | 7.8 |
| 2022-01-28 | CVE-2021-22816 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. | 7.5 |
| 2022-01-28 | CVE-2021-22818 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. | 7.5 |
| 2022-01-28 | CVE-2021-22821 | Server-Side Request Forgery (SSRF) vulnerability in Schneider-Electric products A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. | 8.6 |
| 2022-01-28 | CVE-2021-22825 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. | 8.0 |
| 2022-01-28 | CVE-2021-22826 | Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. | 8.8 |
| 2022-01-28 | CVE-2021-22827 | Improper Input Validation vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. | 8.8 |
| 2021-09-02 | CVE-2021-22775 | Unspecified vulnerability in Schneider-Electric Gp-Pro EX A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software. | 7.8 |