Filtered by vendor Schneider-electric
Total: 732 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-7773 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-23 | N/A |
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter. | ||||
CVE-2018-7769 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | N/A |
The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. | ||||
CVE-2018-7767 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | N/A |
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter. | ||||
CVE-2018-7774 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | N/A |
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter. | ||||
CVE-2018-7768 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | N/A |
The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter. | ||||
CVE-2018-7766 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | N/A |
The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. | ||||
CVE-2013-0657 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2018-08-21 | N/A |
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol. | ||||
CVE-2018-7758 | 1 Schneider-electric | 46 Micom P141, Micom P141 Firmware, Micom P142 and 43 more | 2018-05-29 | N/A |
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated, which could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCP/IP session is still open with identical IP address and port number. | ||||
CVE-2013-0663 | 1 Schneider-electric | 3 Modicon M340, Modicon Premium, Modicon Quantum Plc | 2018-05-24 | N/A |
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. | ||||
CVE-2018-7244 | 1 Schneider-electric | 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more | 2018-05-23 | N/A |
An information disclosure vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained. | ||||
CVE-2016-5809 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2018-05-20 | N/A |
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. | ||||
CVE-2018-7239 | 1 Schneider-electric | 13 Atv12 Dtm, Atv212 Dtm, Atv312 Dtm and 10 more | 2018-03-26 | N/A |
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. | ||||
CVE-2017-9970 | 1 Schneider-electric | 1 Struxureon Gateway | 2018-03-09 | N/A |
A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine, which could lead to remote code execution. | ||||
CVE-2017-9968 | 1 Schneider-electric | 1 Igss Mobile | 2018-03-09 | N/A |
A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack. | ||||
CVE-2017-9965 | 1 Schneider-electric | 1 Pelco Videoxpert | 2018-02-13 | N/A |
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files. | ||||
CVE-2017-9964 | 1 Schneider-electric | 1 Pelco Videoxpert | 2018-02-13 | N/A |
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack. | ||||
CVE-2017-14024 | 1 Schneider-electric | 2 Wonderware Indusoft Web Studio, Wonderware Intouch | 2017-12-01 | N/A |
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges. | ||||
CVE-2017-7971 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2017-09-29 | N/A |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | ||||
CVE-2017-7969 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2017-09-29 | N/A |
A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | ||||
CVE-2017-7973 | 1 Schneider-electric | 1 U.motion Builder | 2017-09-27 | N/A |
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | ||||