Vulnerabilities > Schneider Electric > High

DATE CVE VULNERABILITY TITLE RISK
2019-02-06 CVE-2018-7813 Incorrect Type Conversion or Cast vulnerability in Schneider-Electric Guicon 2.0
A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file.
local
low complexity
schneider-electric CWE-704
7.8
2018-12-24 CVE-2018-7837 XXE vulnerability in Schneider-Electric Iiot Monitor 3.1.38
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
network
low complexity
schneider-electric CWE-611
7.5
2018-12-24 CVE-2018-7835 Path Traversal vulnerability in Schneider-Electric Iiot Monitor 3.1.38
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
network
low complexity
schneider-electric CWE-22
7.5
2018-12-24 CVE-2018-7832 Improper Input Validation vulnerability in Schneider-Electric Pro-Face Gp-Pro EX 4.00.000/4.07.300/4.08
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched.
network
low complexity
schneider-electric CWE-20
8.8
2018-12-24 CVE-2018-7802 SQL Injection vulnerability in Schneider-Electric Evlink Parking Firmware 3.1.133/3.2.012
A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.
network
low complexity
schneider-electric CWE-89
8.8
2018-12-24 CVE-2018-7801 Code Injection vulnerability in Schneider-Electric Evlink Parking Firmware 3.1.133/3.2.012
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.
network
low complexity
schneider-electric CWE-94
8.8
2018-12-24 CVE-2018-7793 Unspecified vulnerability in Schneider-Electric products
A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.
local
low complexity
schneider-electric
8.7
2018-12-17 CVE-2018-7833 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable.
network
low complexity
schneider-electric CWE-754
7.5
2018-12-17 CVE-2018-7812 Information Exposure vulnerability in Schneider-Electric products
An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
network
low complexity
schneider-electric CWE-200
7.5
2018-11-30 CVE-2018-7831 Cross-site Scripting vulnerability in Schneider-Electric products
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.
network
low complexity
schneider-electric CWE-79
8.8