Vulnerabilities > Schneider Electric > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-18 | CVE-2023-28003 | Unspecified vulnerability in Schneider-Electric EcoStruxure Power Monitoring Expert. A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account. | 8.8 |
2023-04-18 | CVE-2023-25547 | Unspecified vulnerability in Schneider-Electric StruxureWare Data Center Expert. A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. | 8.8 |
2023-04-18 | CVE-2023-25552 | Unspecified vulnerability in Schneider-Electric StruxureWare Data Center Expert. A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. | 8.1 |
2023-04-18 | CVE-2023-25554 | Unspecified vulnerability in Schneider-Electric StruxureWare Data Center Expert. A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | 7.8 |
2023-04-18 | CVE-2023-25555 | Unspecified vulnerability in Schneider-Electric StruxureWare Data Center Expert. A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. | 8.1 |
2023-04-18 | CVE-2023-29413 | Unspecified vulnerability in Schneider-Electric products. A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. | 7.5 |
2023-04-18 | CVE-2022-43377 | Unspecified vulnerability in Schneider-Electric products. A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | 7.5 |
2023-04-18 | CVE-2023-25556 | Unspecified vulnerability in Schneider-Electric products. A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. | 8.8 |
2023-04-18 | CVE-2023-27976 | Unspecified vulnerability in Schneider-Electric EcoStruxure Control Expert 15.1. A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. | 8.8 |
2023-03-21 | CVE-2023-27984 | Unspecified vulnerability in Schneider-Electric Custom Reports, IGSS Dashboard and IGSS Data Server. A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. | 8.8 |