Vulnerabilities > Schneider Electric > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2021-22809 | Out-of-bounds Read vulnerability in Schneider-Electric Guicon 2.0 A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. | 5.5 |
| 2022-01-28 | CVE-2021-22810 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. | 6.1 |
| 2022-01-28 | CVE-2021-22811 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. | 6.1 |
| 2022-01-28 | CVE-2021-22812 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. | 6.1 |
| 2022-01-28 | CVE-2021-22813 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. | 6.1 |
| 2022-01-28 | CVE-2021-22814 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. | 6.1 |
| 2022-01-28 | CVE-2021-22815 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. | 5.3 |
| 2022-01-28 | CVE-2021-22819 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Schneider-Electric products A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. | 4.3 |
| 2022-01-28 | CVE-2021-22822 | Cross-site Scripting vulnerability in Schneider-Electric products A CWE-79 Improper Neutralization of Input During Web Page Generation (?Cross-site Scripting?) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. | 6.1 |
| 2021-09-02 | CVE-2021-22789 | Unspecified vulnerability in Schneider-Electric products A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions). | 6.5 |