Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-7530 | Unspecified vulnerability in Schneider-Electric Scadapack 7X Remote Connect 3.6.3.574 A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders. | 8.8 |
| 2020-09-16 | CVE-2020-7528 | Unspecified vulnerability in Schneider-Electric Scadapack 7X Remote Connect 3.6.3.574 A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer. | 7.8 |
| 2020-08-31 | CVE-2020-7527 | Unspecified vulnerability in Schneider-Electric Somove Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. | 7.8 |
| 2020-08-31 | CVE-2020-7525 | Unspecified vulnerability in Schneider-Electric Spacelynk Firmware and Wiser for KNX Firmware Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used. | 7.5 |
| 2020-08-31 | CVE-2020-7524 | Unspecified vulnerability in Schneider-Electric Modicon M218 Firmware 4.3/5.0.0.7 Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. | 7.5 |
| 2020-08-31 | CVE-2020-7523 | Unspecified vulnerability in Schneider-Electric Modbus Driver Suite and Modbus Serial Driver Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. | 7.8 |
| 2020-07-23 | CVE-2020-7519 | Weak Password Requirements vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. | 7.5 |
| 2020-07-23 | CVE-2020-7518 | Improper Input Validation vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. | 7.5 |
| 2020-07-23 | CVE-2020-7516 | Unspecified vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. | 7.8 |
| 2020-07-23 | CVE-2020-7515 | Unspecified vulnerability in Schneider-Electric Easergy Builder 1.4.7.2 A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password. | 7.8 |