Vulnerabilities > Schneider Electric > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-15 | CVE-2015-8561 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Proclima 6.0.1/6.1 The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. | 6.8 |
| 2015-12-15 | CVE-2015-7918 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Proclima 6.0.1/6.1 Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. | 6.8 |
| 2015-09-18 | CVE-2015-3962 | Insufficiently Protected Credentials vulnerability in Schneider-Electric Struxureware Building Expert Multi-Purpose Management Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. | 5.0 |
| 2015-08-04 | CVE-2015-3940 | Path Traversal vulnerability in Schneider-Electric Wonderware System Platform 2014 R2 Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.9 |
| 2015-04-03 | CVE-2014-8390 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Vampset 2.2.145 Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. | 4.4 |
| 2015-03-29 | CVE-2015-0997 | Information Exposure vulnerability in multiple products Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. | 5.0 |
| 2015-03-14 | CVE-2014-9206 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Device Type Manager 3.1.6 Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file. | 6.9 |
| 2014-09-18 | CVE-2014-5413 | Cryptographic Issues vulnerability in multiple products Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | 5.0 |
| 2014-09-18 | CVE-2014-5412 | Permissions, Privileges, and Access Controls vulnerability in multiple products Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. | 5.0 |
| 2014-09-15 | CVE-2014-5407 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric Vampset Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. | 4.4 |