Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-13 | CVE-2022-34763 | Unspecified vulnerability in Schneider-Electric products A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. | 7.5 |
| 2022-07-13 | CVE-2022-34764 | Unspecified vulnerability in Schneider-Electric products A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. | 7.5 |
| 2022-06-24 | CVE-2022-32530 | Unspecified vulnerability in Schneider-Electric GEO Scada Mobile 2020 A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. | 7.8 |
| 2022-06-02 | CVE-2022-30232 | Unspecified vulnerability in Schneider-Electric Powerlogic ION Setup Firmware A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. | 8.8 |
| 2022-06-02 | CVE-2022-30236 | Unspecified vulnerability in Schneider-Electric products A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. | 8.2 |
| 2022-06-02 | CVE-2022-30237 | Unspecified vulnerability in Schneider-Electric products A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. | 7.5 |
| 2022-06-02 | CVE-2022-30238 | Unspecified vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. | 8.8 |
| 2022-04-13 | CVE-2019-6834 | Unspecified vulnerability in Schneider-Electric Software Update 2.1.1/2.3.0 A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. | 7.8 |
| 2022-04-13 | CVE-2021-22797 | Unspecified vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. | 7.8 |
| 2022-04-03 | CVE-2021-30062 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. | 7.5 |