Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-22 | CVE-2018-7829 | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Schneider-Electric products An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. | 8.8 |
| 2019-05-22 | CVE-2018-7828 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. | 8.8 |
| 2019-05-22 | CVE-2018-7826 | Command Injection vulnerability in Schneider-Electric products A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | 8.8 |
| 2019-05-22 | CVE-2018-7825 | Command Injection vulnerability in Schneider-Electric products A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | 8.8 |
| 2019-05-22 | CVE-2018-7821 | Allocation of Resources Without Limits or Throttling vulnerability in Schneider-Electric Modicon M221 Firmware and Somachine Basic An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. | 7.5 |
| 2019-04-17 | CVE-2019-10953 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. | 7.5 |
| 2019-03-25 | CVE-2015-1014 | Uncontrolled Search Path Element vulnerability in Schneider-Electric OPC Factory Server 3.5 A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. | 7.3 |
| 2019-02-06 | CVE-2018-7817 | Use After Free vulnerability in Schneider-Electric Zelio Soft 2 4.6/5.0/5.1 A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file. | 7.8 |
| 2019-02-06 | CVE-2018-7815 | Incorrect Type Conversion or Cast vulnerability in Schneider-Electric Guicon 2.0 A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file | 7.8 |
| 2019-02-06 | CVE-2018-7814 | Out-of-bounds Write vulnerability in Schneider-Electric Guicon 2.0 A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file | 7.8 |