Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-30 | CVE-2018-7831 | Cross-site Scripting vulnerability in Schneider-Electric products An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. | 8.8 |
| 2018-11-30 | CVE-2018-7830 | HTTP Response Splitting vulnerability in Schneider-Electric products Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request. | 7.5 |
| 2018-11-30 | CVE-2018-7807 | Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Expert Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. | 8.8 |
| 2018-11-30 | CVE-2018-7806 | Path Traversal vulnerability in Schneider-Electric Struxureware Data Center Operation Data Center Operation allows for the upload of a zip file from its user interface to the server. | 8.8 |
| 2018-11-02 | CVE-2018-7799 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Software Update Utility A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file. | 7.8 |
| 2018-11-02 | CVE-2018-7798 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Somachine Basic A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. | 8.2 |
| 2018-08-29 | CVE-2018-7792 | Missing Authorization vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 7.5 |
| 2018-08-29 | CVE-2018-7789 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5 An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). | 7.5 |
| 2018-07-03 | CVE-2018-7783 | XXE vulnerability in Schneider-Electric Somachine Basic Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. | 7.5 |
| 2018-07-03 | CVE-2018-7782 | Insufficiently Protected Credentials vulnerability in Schneider-Electric products In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. | 8.8 |