Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-02 | CVE-2017-9966 | Unspecified vulnerability in Schneider-Electric Pelco Videoxpert A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. | 7.1 |
| 2017-09-26 | CVE-2017-9961 | Unspecified vulnerability in Schneider-Electric Pro-Face GP PRO EX 4.07.000 A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. | 7.8 |
| 2017-09-26 | CVE-2017-9958 | Incorrect Permission Assignment for Critical Resource vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | 7.8 |
| 2017-09-26 | CVE-2017-9956 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. | 7.3 |
| 2017-09-26 | CVE-2017-7969 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. | 8.8 |
| 2017-07-07 | CVE-2017-9631 | NULL Pointer Dereference vulnerability in Schneider-Electric Wonderware Archestra Logger 2017.426.2307.1 A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. | 7.5 |
| 2017-07-07 | CVE-2017-9627 | Resource Exhaustion vulnerability in Schneider-Electric Wonderware Archestra Logger 2017.426.2307.1 An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. | 8.6 |
| 2017-06-30 | CVE-2017-6017 | Resource Exhaustion vulnerability in Schneider-Electric products A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. | 7.5 |
| 2017-06-07 | CVE-2017-7966 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Somachine 2.1.0 A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. | 8.8 |
| 2017-06-07 | CVE-2017-7965 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Somachine Hvac 2.1.0 A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. | 7.3 |