Vulnerabilities > Schneider Electric > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | RISK |
|---|---|---|---|---|---|---|---|
| 2022-11-04 | CVE-2022-41670 | Unspecified vulnerability in Schneider-Electric products | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. | local | low | schneider-electric | 7.8 |
| 2022-11-04 | CVE-2022-41669 | Unspecified vulnerability in Schneider-Electric products | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. | local | low | schneider-electric | 7.8 |
| 2022-11-04 | CVE-2022-41667 | Unspecified vulnerability in Schneider-Electric products | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. | local | low | schneider-electric | 7.8 |
| 2022-11-04 | CVE-2022-41668 | Unspecified vulnerability in Schneider-Electric products | A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. | local | low | schneider-electric | 7.8 |
| 2022-11-04 | CVE-2022-41666 | Unspecified vulnerability in Schneider-Electric products | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. | local | low | schneider-electric | 7.8 |
| 2022-07-13 | CVE-2022-34753 | Unspecified vulnerability in Schneider-Electric Spacelogic C-Bus Home Controller Firmware | A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. | network | low | schneider-electric | 8.8 |
| 2022-07-13 | CVE-2022-34759 | Unspecified vulnerability in Schneider-Electric products | A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. | network | low | schneider-electric | 7.5 |
| 2022-07-13 | CVE-2022-34760 | Unspecified vulnerability in Schneider-Electric products | A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. | network | low | schneider-electric | 7.5 |
| 2022-07-13 | CVE-2022-34761 | Unspecified vulnerability in Schneider-Electric products | A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. | network | low | schneider-electric | 7.5 |
| 2022-07-13 | CVE-2022-34762 | Unspecified vulnerability in Schneider-Electric products | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. | network | low | schneider-electric | 7.5 |