Vulnerabilities > SE

DATE CVE VULNERABILITY TITLE RISK
2021-07-21 CVE-2021-22777 Deserialization of Untrusted Data vulnerability in SE Sosafe Configurable
A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file.
network
se CWE-502
6.8
2021-07-21 CVE-2021-22784 Missing Authentication for Critical Function vulnerability in SE C-Bus Toolkit
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system.
network
se CWE-306
4.3
2021-06-11 CVE-2021-22765 Improper Input Validation vulnerability in SE products
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.
network
low complexity
se CWE-20
7.5
2021-06-11 CVE-2021-22766 Improper Input Validation vulnerability in SE products
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet.
network
low complexity
se CWE-20
5.0
2021-06-11 CVE-2021-22767 Improper Input Validation vulnerability in SE products
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22768.
network
low complexity
se CWE-20
7.5
2021-06-11 CVE-2021-22768 Improper Input Validation vulnerability in SE products
** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767.
network
low complexity
se CWE-20
7.5
2021-05-26 CVE-2021-22699 Improper Input Validation vulnerability in SE Modicon M241 Firmware and Modicon M251 Firmware
Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.
network
low complexity
se CWE-20
7.8
2021-05-26 CVE-2021-22705 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert.
local
low complexity
schneider-electric se CWE-119
4.6
2021-03-11 CVE-2021-22714 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SE products
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.
network
low complexity
se CWE-119
7.5
2021-03-11 CVE-2021-22713 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SE products
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notification for affected versions), which could cause the meter to reboot.
network
low complexity
se CWE-119
7.8