Vulnerabilities > Schneider Electric > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-12 | CVE-2024-37038 | Incorrect Default Permissions vulnerability in Schneider-Electric Sage RTU Firmware. CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. | 8.8 |
2024-06-12 | CVE-2024-37039 | Unspecified vulnerability in Schneider-Electric Sage RTU Firmware. CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request. | 7.5 |
2024-06-12 | CVE-2024-37040 | Unspecified vulnerability in Schneider-Electric Sage RTU Firmware. CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. | 8.1 |
2024-06-12 | CVE-2024-5560 | Unspecified vulnerability in Schneider-Electric Sage RTU Firmware. CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. | 7.5 |
2024-02-14 | CVE-2023-27975 | Unspecified vulnerability in Schneider-Electric products. CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | 7.1 |
2024-02-14 | CVE-2023-6409 | Unspecified vulnerability in Schneider-Electric products. CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | 7.7 |
2024-01-09 | CVE-2023-7032 | Unspecified vulnerability in Schneider-Electric Easergy Studio 9.3.5. A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. | 7.8 |
2023-12-14 | CVE-2023-6407 | Unspecified vulnerability in Schneider-Electric Easy UPS Online Monitoring Software 2.5Gs/2.5Gs0122320. A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker. | 7.1 |
2023-09-14 | CVE-2023-4516 | Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System. A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content. | 7.8 |
2023-07-12 | CVE-2023-29414 | Unspecified vulnerability in Schneider-Electric Accutech Manager 2.00.1/2.00.2/2.7. A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call. | 7.8 |