Vulnerabilities > Schneider Electric > Software Update
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-13 | CVE-2019-6834 | Unspecified vulnerability in Schneider-Electric Software Update 2.1.1/2.3.0 A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. | 7.8 |
| 2022-01-28 | CVE-2021-22799 | Insufficient Entropy vulnerability in Schneider-Electric Software Update 2.3.0/2.3.1/2.5.1 A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. | 3.8 |