Vulnerabilities > Schneider Electric > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-11 | CVE-2021-22796 | Improper Authentication vulnerability in Schneider-Electric C-Gate Server 2.11.7 | A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. | 6.8 |
2022-02-11 | CVE-2021-22800 | Improper Input Validation vulnerability in Schneider-Electric Modicon M218 Firmware 4.3/5.0.0.7/5.1.0.6 | A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. | 5.0 |
2022-02-11 | CVE-2021-22804 | Path Traversal vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. | 5.0 |
2022-02-11 | CVE-2021-22805 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. | 5.0 |
2022-02-11 | CVE-2021-22806 | Incorrect Resource Transfer Between Spheres vulnerability in Schneider-Electric products | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. | 5.0 |
2022-02-11 | CVE-2021-22823 | Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. | 5.0 |
2022-02-11 | CVE-2021-22824 | Classic Buffer Overflow vulnerability in Schneider-Electric Interactive Graphical Scada System Data Collector | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. | 5.0 |
2022-02-09 | CVE-2021-22817 | Incorrect Default Permissions vulnerability in Schneider-Electric products | A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. | 4.6 |
2022-02-09 | CVE-2022-22809 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. | 5.3 |
2022-02-09 | CVE-2022-22810 | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric products | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. | 5.0 |