Filtered by vendor Schneider-electric
Subscriptions
Total
732 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7829 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2019-05-24 | N/A |
| An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands. | ||||
| CVE-2019-6816 | 1 Schneider-electric | 2 Modicon Quantum, Modicon Quantum Firmware | 2019-05-23 | N/A |
| In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. | ||||
| CVE-2018-7841 | 1 Schneider-electric | 1 U.motion Builder | 2019-05-23 | N/A |
| A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. | ||||
| CVE-2018-7765 | 1 Schneider-electric | 1 U.motion Builder | 2019-05-14 | N/A |
| The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter. | ||||
| CVE-2017-9963 | 1 Schneider-electric | 1 Powerscada Anywhere | 2019-04-23 | N/A |
| A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | ||||
| CVE-2014-9198 | 1 Schneider-electric | 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more | 2019-04-15 | N/A |
| The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session. | ||||
| CVE-2018-7800 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | N/A |
| A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. | ||||
| CVE-2018-7802 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2019-02-28 | N/A |
| A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. | ||||
| CVE-2018-7797 | 1 Schneider-electric | 3 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Ecostruxure Power Scada Operation | 2019-02-11 | N/A |
| A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site. | ||||
| CVE-2018-7815 | 1 Schneider-electric | 1 Guicon | 2019-02-08 | N/A |
| A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file | ||||
| CVE-2018-7813 | 1 Schneider-electric | 1 Guicon | 2019-02-07 | N/A |
| A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file | ||||
| CVE-2018-7836 | 1 Schneider-electric | 1 Iiot Monitor | 2019-02-06 | N/A |
| An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. | ||||
| CVE-2018-7837 | 1 Schneider-electric | 1 Iiot Monior | 2019-02-01 | N/A |
| An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. | ||||
| CVE-2018-7835 | 1 Schneider-electric | 1 Iiot Monior | 2019-02-01 | N/A |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user. | ||||
| CVE-2018-7796 | 1 Schneider-electric | 1 Powersuite 2 | 2019-01-11 | N/A |
| A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability. | ||||
| CVE-2014-5411 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2018-12-31 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-5412 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2018-12-31 | N/A |
| Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account. | ||||
| CVE-2014-5413 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2018-12-31 | N/A |
| Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | ||||
| CVE-2011-3143 | 2 Aveva, Schneider-electric | 3 Clearscada, Scx 67, Scx 68 | 2018-12-31 | N/A |
| Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. | ||||
| CVE-2018-7806 | 1 Schneider-electric | 1 Struxureware Data Center Operation | 2018-12-28 | N/A |
| Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. | ||||