Vulnerabilities > Schneider Electric > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2021-22761 Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition.
local
low complexity
schneider-electric
7.8
2021-06-11 CVE-2021-22762 Path Traversal vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.
local
low complexity
schneider-electric CWE-22
7.8
2021-06-11 CVE-2021-22766 Unspecified vulnerability in Schneider-Electric products
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet.
network
low complexity
schneider-electric
7.5
2021-05-26 CVE-2021-22699 Unspecified vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware
Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.
network
low complexity
schneider-electric
7.5
2021-05-26 CVE-2021-22705 Unspecified vulnerability in Schneider-Electric Ecostruxure Machine Expert and Vijeo Designer
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert.
local
low complexity
schneider-electric
7.8
2021-05-26 CVE-2021-22732 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server.
local
low complexity
schneider-electric
7.8
2021-05-26 CVE-2021-22733 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder.
local
low complexity
schneider-electric
7.8
2021-05-26 CVE-2021-22734 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code.
network
low complexity
schneider-electric
7.2
2021-05-26 CVE-2021-22735 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device.
network
low complexity
schneider-electric
7.2
2021-05-26 CVE-2021-22736 Unspecified vulnerability in Schneider-Electric Homelynk Firmware and Spacelynk Firmware
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded.
network
low complexity
schneider-electric
7.5