Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-19 | CVE-2017-7968 | Incorrect Default Permissions vulnerability in Schneider-Electric Wonderware Indusoft web Studio 6.1/7.1/8.0 An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. | 7.8 |
| 2017-04-07 | CVE-2017-6033 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Interactive Graphical Scada System 10.0/12.0/9.0 A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. | 7.8 |
| 2017-04-07 | CVE-2017-6019 | Resource Exhaustion vulnerability in Schneider-Electric Conext Combox 865-1058 Firmware 3.03 An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. | 7.5 |
| 2017-02-13 | CVE-2017-5155 | Insecure Default Initialization of Resource vulnerability in Schneider-Electric Wonderware Historian 2014R2Sp1P01 An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. | 7.3 |
| 2017-02-13 | CVE-2016-8374 | Resource Exhaustion vulnerability in Schneider-Electric products An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). | 7.5 |
| 2017-02-13 | CVE-2016-8354 | Code Injection vulnerability in Schneider-Electric Unity PRO 11.0/6.0/7.0 An issue was discovered in Schneider Electric Unity PRO prior to V11.1. | 7.0 |
| 2017-02-13 | CVE-2016-5809 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. | 8.8 |
| 2016-07-15 | CVE-2016-4529 | Unspecified vulnerability in Schneider-Electric Somachine Hvac Firmware 2.0.2 An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | 7.3 |
| 2016-04-06 | CVE-2016-2290 | Out-of-bounds Write vulnerability in Schneider-Electric products Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. | 8.8 |
| 2016-03-02 | CVE-2016-2278 | Improper Access Control vulnerability in Schneider-Electric products Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. | 7.2 |