Vulnerabilities > Schneider Electric > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-18 | CVE-2023-25553 | Unspecified vulnerability in Schneider-Electric Struxureware Data Center Expert A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. | 6.1 |
| 2023-04-18 | CVE-2022-34755 | Unspecified vulnerability in Schneider-Electric Easergy Builder Installer A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. | 6.7 |
| 2023-04-18 | CVE-2022-43376 | Unspecified vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | 6.1 |
| 2023-04-18 | CVE-2023-1548 | Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1 A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. | 5.5 |
| 2023-03-21 | CVE-2023-27983 | Unspecified vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. | 5.3 |
| 2023-03-21 | CVE-2023-27979 | Unspecified vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. | 6.5 |
| 2023-03-21 | CVE-2023-27977 | Unspecified vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. | 5.3 |
| 2023-02-24 | CVE-2023-0595 | Unspecified vulnerability in Schneider-Electric products A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). | 5.3 |
| 2023-01-30 | CVE-2022-32516 | Unspecified vulnerability in Schneider-Electric Conext Combox Firmware A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). | 6.5 |
| 2023-01-30 | CVE-2022-32517 | Unspecified vulnerability in Schneider-Electric Conext Combox Firmware A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. | 6.5 |