schneider-electric

776 tracked vulnerabilities.

CVE-2026-9718 MEDIUM
Schneider Electric PowerLogic™ P7 - Reachable Assertion
Jun 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9717 HIGH
Schneider Electric PowerLogic™ P7 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jun 25, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-9716 HIGH
Schneider Electric PowerLogic™ P7 - NULL Pointer Dereference
Jun 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-8045 MEDIUM
Schneider Electric EcoStruxure™ IT Data Center Expert - Improper Restriction of XML External Entity Reference
Jun 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-6332 HIGH
Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC
May 14, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6866 HIGH
Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2405 MEDIUM
Schneider Electric PowerChute Serial Shutdown < 1.5 - Denial of Service via Excessive POST /helpabout Requests
Apr 14, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-2404 MEDIUM
Schneider Electric PowerChute Serial Shutdown <=1.4 - Log Injection
Apr 14, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-2403 MEDIUM
Schneider Electric PowerChute Serial Shutdown <=1.4 - Log Truncation
Apr 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2402 MEDIUM
Schneider Electric PowerChute Serial Shutdown <=v1.4 - Auth Bypass
Apr 14, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-2401 MEDIUM
Schneider Electric PowerChute Serial Shutdown <=1.4 - Info Disclosure
Apr 14, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-2400 MEDIUM
Schneider Electric PowerChute Serial Shutdown <=1.4 - CRLF Injection
Apr 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2399 MEDIUM
PowerChute Serial Shutdown < 1.5 - Path Traversal via /REST/upssleep Request
Apr 14, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-2273 HIGH
Engineering Workstation - Code Injection
Mar 10, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-1286 MEDIUM
Unspecified Product - Deserialization
Mar 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-13902 MEDIUM
Web Server - Cross-Site Scripting
Mar 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-13901 MEDIUM
Machine Expert - DoS
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-11739 HIGH
Product Version - Deserialization
Mar 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-13845 HIGH
EcoStruxure Power Build Rapsody - Use-After-Free via Malicious SSD Project File Import
Jan 15, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-13844 MEDIUM
EcoStruxure Power Build - Rapsody < 2.8.8 - Double Free via Malicious SSD File Import
Jan 15, 2026
CVSS 5.3
EPSS 0.00
CVE-2024-9409 HIGH
Schneider Electric PowerLogic PM5341, PM5340, PM5320 Firmware - Denial of Service via IGMP Packet Flood
Nov 13, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-10575 CRITICAL
EcoStruxure IT Gateway - Missing Authorization
Nov 13, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-8422 HIGH
Zelio Soft 2 < 5.4.2.2 - Use-After-Free via Malicious Project File
Oct 08, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-8306 HIGH
Vijeo Designer < 6.3 - Authenticated Privilege Escalation via Binary Tampering
Sep 11, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-6407 CRITICAL
Schneider Electric WHC-5918A Firmware - Information Exposure
Jul 11, 2024
CVSS 9.8
EPSS 0.00