Vulnerabilities > Schneider Electric > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-01-30 | CVE-2022-22732 | Unspecified vulnerability in Schneider-Electric Ecostruxure Power Commission | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from a third-party site or malicious site. | schneider-electric | 7.5 (network, low complexity) |
| 2023-01-30 | CVE-2022-32512 | Unspecified vulnerability in Schneider-Electric Canbrass | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. | schneider-electric | 7.8 (local, low complexity) |
| 2023-01-30 | CVE-2022-32521 | Unspecified vulnerability in Schneider-Electric Data Center Expert | A CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. | schneider-electric | 8.8 (network, low complexity) |
| 2023-01-30 | CVE-2022-32747 | Unspecified vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2 | A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. | schneider-electric | 8.1 (low complexity) |
| 2023-01-30 | CVE-2022-32748 | Unspecified vulnerability in Schneider-Electric Ecostruxure Cybersecurity Admin Expert 2.2 | A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. | schneider-electric | 8.3 (high complexity) |
| 2023-01-30 | CVE-2022-2988 | Unspecified vulnerability in Schneider-Electric Ecostruxure Machine Expert - Hvac and Somachine Hvac | A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. | schneider-electric | 7.5 (network, low complexity) |
| 2022-11-22 | CVE-2022-0222 | Improper Privilege Management vulnerability in Schneider-Electric products | A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. | schneider-electric, CWE-269 | 7.5 (network, low complexity) |
| 2022-11-22 | CVE-2022-37301 | Unspecified vulnerability in Schneider-Electric products | A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. | schneider-electric | 7.5 (network, low complexity) |
| 2022-11-04 | CVE-2022-41671 | Unspecified vulnerability in Schneider-Electric products | A CWE-89: Improper Neutralization of Special Elements used in SQL Command ('SQL Injection') vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute it as part of project migration, which could result in execution of malicious code. | schneider-electric | 7.8 (local, low complexity) |
| 2022-11-04 | CVE-2022-41670 | Unspecified vulnerability in Schneider-Electric products | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL, which could result in execution of malicious code. | schneider-electric | 7.8 (local, low complexity) |