Vulnerabilities > Schneider Electric > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-13 | CVE-2017-5157 | Cross-site Scripting vulnerability in Schneider Electric Homelynk Controller Lss100100 Firmware 1.3.0 An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. | 4.3 |
| 2017-02-13 | CVE-2016-8367 | Resource Exhaustion vulnerability in Schneider-Electric products An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). | 5.0 |
| 2017-02-13 | CVE-2016-8354 | Code Injection vulnerability in Schneider-Electric Unity PRO 11.0/6.0/7.0 An issue was discovered in Schneider Electric Unity PRO prior to V11.1. | 5.1 |
| 2017-02-13 | CVE-2016-5809 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric products An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. | 6.8 |
| 2016-06-26 | CVE-2016-4513 | Cross-site Scripting vulnerability in Schneider-Electric Powerlogic Pm8Ecc Firmware Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2016-04-06 | CVE-2016-2292 | Out-of-bounds Write vulnerability in Schneider-Electric products Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. | 4.3 |
| 2016-04-06 | CVE-2016-2291 | Out-of-bounds Read vulnerability in Schneider-Electric products Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | 4.3 |
| 2016-04-06 | CVE-2016-2290 | Out-of-bounds Write vulnerability in Schneider-Electric products Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
| 2016-04-06 | CVE-2015-7921 | Credentials Management vulnerability in Schneider-Electric products The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. | 6.4 |
| 2016-03-12 | CVE-2015-6485 | Information Exposure vulnerability in Schneider-Electric Telvent RTU Firmware C3413500001D3/C3414500S02J1 Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. | 5.0 |