Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-03 | CVE-2021-30063 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. | 7.5 |
| 2022-04-03 | CVE-2021-30065 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. | 7.5 |
| 2022-03-18 | CVE-2020-25178 | Cleartext Transmission of Sensitive Information vulnerability in multiple products ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. | 8.8 |
| 2022-03-09 | CVE-2021-22783 | Unspecified vulnerability in Schneider-Electric Ritto Wiser Door A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. low complexity schneider-electric | 7.6 |
| 2022-02-11 | CVE-2021-22748 | Unspecified vulnerability in Schneider-Electric C-Bus Toolkit 1.15.7/1.15.8 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. | 8.8 |
| 2022-02-11 | CVE-2021-22785 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. | 7.5 |
| 2022-02-11 | CVE-2021-22787 | Improper Input Validation vulnerability in Schneider-Electric products A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. | 7.5 |
| 2022-02-11 | CVE-2021-22788 | Out-of-bounds Write vulnerability in Schneider-Electric products A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. | 7.5 |
| 2022-02-11 | CVE-2021-22796 | Unspecified vulnerability in Schneider-Electric C-Gate Server 2.11.7 A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. | 7.8 |
| 2022-02-11 | CVE-2021-22798 | Unspecified vulnerability in Schneider-Electric Conext Combox Firmware A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. | 7.5 |