Filtered by vendor Schneider-electric
Subscriptions
Total
732 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22778 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2021-07-26 | 7.1 High |
| Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. | ||||
| CVE-2015-3963 | 2 Schneider-electric, Windriver | 14 Sage 1210, Sage 1230, Sage 1250 and 11 more | 2021-07-22 | N/A |
| Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | ||||
| CVE-2021-22749 | 1 Schneider-electric | 2 Modicon X80 Bmxnor0200h Rtu, Modicon X80 Bmxnor0200h Rtu Firmware | 2021-06-22 | 5.3 Medium |
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module. | ||||
| CVE-2021-22762 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. | ||||
| CVE-2021-22761 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2021-22760 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2021-22759 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2021-22753 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition. | ||||
| CVE-2021-22754 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2021-22758 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2021-22750 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2021-22751 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. | ||||
| CVE-2021-22752 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. | ||||
| CVE-2021-22757 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2021-22756 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2021-22755 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2021-06-15 | 7.8 High |
| A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition. | ||||
| CVE-2020-7506 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2021-06-11 | 7.5 High |
| A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. | ||||
| CVE-2021-22743 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 3.9 Low |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. | ||||
| CVE-2021-22742 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 3.9 Low |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. | ||||
| CVE-2021-22744 | 1 Schneider-electric | 4 Tcm 4351b, Tcm 4351b Firmware, Triconex Model 3009 Mp and 1 more | 2021-06-07 | 3.9 Low |
| Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22745, CVE-2021-22746, and CVE-2021-22747. | ||||