Vulnerabilities > Schneider Electric > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-21 | CVE-2023-27981 | Unspecified vulnerability in Schneider-Electric Custom Reports, IGSS Dashboard and IGSS Data Server. A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause remote code execution when a victim tries to open a malicious report. | 8.8 |
2023-03-21 | CVE-2023-27978 | Unspecified vulnerability in Schneider-Electric Custom Reports, IGSS Dashboard and IGSS Data Server. A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | 7.8 |
2023-03-21 | CVE-2023-27982 | Unspecified vulnerability in Schneider-Electric Custom Reports, IGSS Dashboard and IGSS Data Server. A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory when an attacker sends specific crafted messages to the Data Server TCP port. This could lead to remote code execution when a victim eventually opens a malicious dashboard file. | 8.8 |
2023-03-21 | CVE-2023-27980 | Unspecified vulnerability in Schneider-Electric Custom Reports, IGSS Dashboard and IGSS Data Server. A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory. This could lead to remote code execution when a victim eventually opens the report. | 8.8 |
2023-02-01 | CVE-2021-22786 | Unspecified vulnerability in Schneider-Electric products. A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored in the memory of the controller when communicating over the Modbus TCP protocol. | 7.5 |
2023-02-01 | CVE-2022-42972 | Unspecified vulnerability in Schneider-Electric products. A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. | 7.8 |
2023-02-01 | CVE-2022-42973 | Unspecified vulnerability in Schneider-Electric products. A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when a local attacker connects to the database. | 7.8 |
2023-02-01 | CVE-2022-4062 | Unspecified vulnerability in Schneider-Electric EcoStruxure Power Commission 2.22/2.25. A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to the localhost interface of the EcoStruxure Power Commission application. | 7.8 |
2023-01-31 | CVE-2023-22610 | Unspecified vulnerability in Schneider-Electric products. A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. | 7.5 |
2023-01-31 | CVE-2023-22611 | Unspecified vulnerability in Schneider-Electric products. A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. | 7.5 |