Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-17 | CVE-2019-6832 | Improper Authentication vulnerability in Schneider-Electric Spacelynk Firmware and Wiser for KNX Firmware A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. | 8.3 |
| 2019-09-17 | CVE-2019-6831 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Bmxnor0200H Firmware A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. | 8.6 |
| 2019-09-17 | CVE-2019-6829 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric Modicon M340 Firmware and Modicon M580 Firmware A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. | 7.5 |
| 2019-09-17 | CVE-2019-6828 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. | 7.5 |
| 2019-09-17 | CVE-2019-6826 | Untrusted Search Path vulnerability in Schneider-Electric Somachine Hvac 2.1.0/2.4.1 A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product. | 7.8 |
| 2019-09-17 | CVE-2019-6813 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Bmxnor0200H Firmware and Modicon M340 Firmware A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. | 7.5 |
| 2019-09-17 | CVE-2019-6811 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. | 7.5 |
| 2019-09-17 | CVE-2019-6810 | Unspecified vulnerability in Schneider-Electric Bmxnor0200H Firmware CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. | 8.8 |
| 2019-09-17 | CVE-2019-6809 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. | 7.5 |
| 2019-07-15 | CVE-2019-6827 | Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated. | 7.8 |