Vulnerabilities > Schneider Electric > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-13 | CVE-2022-37302 | Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1. A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. | 5.5 |
2022-07-13 | CVE-2022-34754 | Unspecified vulnerability in Schneider-Electric products. A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. | 6.8 |
2022-07-13 | CVE-2022-34757 | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102. A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. | 5.3 |
2022-07-13 | CVE-2022-34758 | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102. A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. | 4.9 |
2022-07-13 | CVE-2022-34765 | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric products. A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. | 5.3 |
2022-06-02 | CVE-2022-30233 | Unspecified vulnerability in Schneider-Electric products. A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. | 6.5 |
2022-04-13 | CVE-2022-0221 | XXE vulnerability in Schneider-Electric Scadapack Workbench 6.6.8A. A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. | 5.5 |
2022-04-03 | CVE-2021-30066 | Improper Verification of Cryptographic Signature vulnerability in multiple products. On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. | 6.8 |
2022-04-03 | CVE-2021-30061 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. | 6.8 |
2022-03-18 | CVE-2020-25180 | Use of Hard-coded Credentials vulnerability in multiple products. Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. | 6.5 |