Vulnerabilities > Schneider Electric > Medium

DATE CVE VULNERABILITY TITLE RISK

2017-09-26 CVE-2017-7971 Improper Certificate Validation vulnerability in Schneider Electric Citect Anywhere and PowerSCADA Anywhere
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.
network, low complexity, schneider-electric CWE-295, 6.5

2017-09-26 CVE-2017-7970 Unspecified vulnerability in Schneider Electric Citect Anywhere and PowerSCADA Anywhere
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.
low complexity, schneider-electric, 6.5

2017-06-30 CVE-2017-6032 Improperly Implemented Security Check for Standard vulnerability in Schneider Electric Modbus Firmware
A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol.
network, low complexity, schneider-electric CWE-358, 5.3

2017-06-30 CVE-2017-6030 Insufficient Entropy vulnerability in Schneider Electric products
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11.
network, low complexity, schneider-electric CWE-331, 6.5

2017-05-19 CVE-2017-7907 XXE vulnerability in Schneider Electric Wonderware Historian Client 2014R2
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior.
local, low complexity, schneider-electric CWE-611, 6.6

2017-05-09 CVE-2017-7967 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider Electric VAMPSET 2.2.145
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used.
local, low complexity, schneider-electric CWE-119, 5.5

2017-04-30 CVE-2017-8371 Insufficiently Protected Credentials vulnerability in Schneider Electric StruxureWare Data Center Expert 7.3.1
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
network, low complexity, schneider-electric CWE-522, 6.8

2017-02-13 CVE-2017-5157 Cross-site Scripting vulnerability in Schneider Electric homeLYnk Controller LSS100100 Firmware 1.3.0
An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0.
network, low complexity, schneider-electric CWE-79, 6.1

2017-02-13 CVE-2016-8367 Resource Exhaustion vulnerability in Schneider Electric products
An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe).
network, low complexity, schneider-electric CWE-400, 5.3

2016-06-26 CVE-2016-4513 Cross-site Scripting vulnerability in Schneider Electric PowerLogic PM8ECC Firmware 2.60
Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, low complexity, schneider-electric CWE-79, 6.1