Vulnerabilities > Schneider Electric > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2022-22812 Cross-site Scripting vulnerability in Schneider-Electric products
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser.
4.3
2022-02-09 CVE-2022-24314 Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server
A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message.
network
low complexity
schneider-electric CWE-125
5.0
2022-02-09 CVE-2022-24315 Out-of-bounds Read vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server
A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message.
network
low complexity
schneider-electric CWE-125
5.0
2022-02-09 CVE-2022-24316 Improper Initialization vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server
A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message.
network
low complexity
schneider-electric CWE-665
5.0
2022-02-09 CVE-2022-24317 Missing Authorization vulnerability in Schneider-Electric Interactive Graphical Scada System Data Server
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message.
network
low complexity
schneider-electric CWE-862
5.0
2022-02-09 CVE-2022-24318 Inadequate Encryption Strength vulnerability in Schneider-Electric products
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used.
network
low complexity
schneider-electric CWE-326
5.0
2022-02-09 CVE-2022-24319 Improper Certificate Validation vulnerability in Schneider-Electric products
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA web server are intercepted.
4.3
2022-02-09 CVE-2022-24320 Improper Certificate Validation vulnerability in Schneider-Electric products
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA database server are intercepted.
4.3
2022-02-09 CVE-2022-24321 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request.
network
low complexity
schneider-electric CWE-754
5.0
2022-02-04 CVE-2022-22722 Use of Hard-coded Credentials vulnerability in Schneider-Electric Easergy P5 Firmware
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure.
5.4