Vulnerabilities > Schneider Electric > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-11 | CVE-2024-5680 | Unspecified vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | 5.5 |
2024-07-11 | CVE-2024-6528 | Unspecified vulnerability in Schneider-Electric products CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could lead to a cross-site scripting condition in which attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | 6.1 |
2024-06-12 | CVE-2024-5559 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Powerlogic P5 Firmware CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device. | 6.8 |
2024-06-12 | CVE-2024-5557 | Unspecified vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. | 4.5 |
2024-06-12 | CVE-2024-5558 | Unspecified vulnerability in Schneider-Electric Spacelogic As-B Firmware and Spacelogic As-P Firmware CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. | 6.4 |
2024-06-12 | CVE-2024-5313 | Unspecified vulnerability in Schneider-Electric Evlink Home Firmware 2.0.3.8.2128/2.0.4.1.2131 CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes an SSH interface over the product network interface. | 6.5 |
2024-06-12 | CVE-2024-5056 | Unspecified vulnerability in Schneider-Electric products CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent the user from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. | 6.5 |
2023-12-14 | CVE-2023-5629 | Unspecified vulnerability in Schneider-Electric products A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | 6.1 |
2023-12-14 | CVE-2023-5630 | Unspecified vulnerability in Schneider-Electric products A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware. | 4.9 |
2023-11-15 | CVE-2023-5984 | Unspecified vulnerability in Schneider-Electric Ion8650 Firmware and Ion8800 Firmware A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device. | 4.9 |