Vulnerabilities > Schneider Electric > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2018-7816 Unspecified vulnerability in Schneider-Electric products
A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file.
network
low complexity
schneider-electric
6.5
2019-05-22 CVE-2018-7788 Unspecified vulnerability in Schneider-Electric Modicon Quantum Firmware
A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40.
network
low complexity
schneider-electric
6.5
2019-03-21 CVE-2015-6462 Cross-site Scripting vulnerability in Schneider-Electric products
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
network
low complexity
schneider-electric CWE-79
5.4
2019-03-21 CVE-2015-6461 Improper Input Validation vulnerability in Schneider-Electric products
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via JavaScript loaded with the web page.
network
low complexity
schneider-electric CWE-20
5.4
2019-02-06 CVE-2018-7839 Cryptographic Issues vulnerability in Schneider-Electric IIoT Monitor 3.1.38
A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.
local
low complexity
schneider-electric CWE-310
5.5
2018-12-24 CVE-2018-7796 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric PowerSuite 2
A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability.
network
low complexity
schneider-electric CWE-119
6.3
2018-12-17 CVE-2018-7804 Open Redirect vulnerability in Schneider-Electric products
A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.
network
low complexity
schneider-electric CWE-601
6.1
2018-12-17 CVE-2018-7797 Open Redirect vulnerability in Schneider-Electric products
A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.
network
low complexity
schneider-electric CWE-601
6.1
2018-11-30 CVE-2018-7810 Cross-site Scripting vulnerability in Schneider-Electric products
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.
network
low complexity
schneider-electric CWE-79
6.1
2018-08-29 CVE-2018-7795 Cross-site Scripting vulnerability in Schneider-Electric PowerLogic PM5560 Firmware 1.0
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product.
network
low complexity
schneider-electric CWE-79
6.1