schneider-electric

776 tracked vulnerabilities.

CVE-2020-7537 HIGH
Modicon M580 and M340 Firmware < 3.20 - Denial of Service via Crafted Modbus Read Physical Memory Request
Dec 11, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7536 HIGH
Modicon M340 and BMXNOE/BMXNOR Firmware - Denial of Service via SNMP Network Parameter Modification
Dec 11, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7535 HIGH
Modicon M340 BMXP341000 Firmware < 3.30 - Path Traversal via HTTP Request
Dec 11, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-28220 MEDIUM
Modicon M258 Firmware < 5.0.4.11 and SoMachine/SoMachine Motion - Buffer Overflow via File Transfer
Dec 11, 2020
CVSS 6.8
EPSS 0.01
CVE-2020-28219 HIGH
EcoStruxure Geo SCADA Expert 2019-2020 Credential Exposure via Virtual ViewX
Dec 11, 2020
CVSS 7.8
EPSS 0.00
CVE-2020-28218 MEDIUM
Easergy T300 Firmware < 2.7 - Clickjacking
Dec 11, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-28217 HIGH
Easergy T300 Firmware < 2.7 - Missing Encryption of Sensitive Data
Dec 11, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-28216 HIGH
Easergy T300 Firmware < 2.7 - Missing Encryption of Sensitive Data
Dec 11, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-28215 CRITICAL
Easergy T300 Firmware < 2.7 - Missing Authorization
Dec 11, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-28214 MEDIUM
Modicon M221 Firmware - Use of a One-Way Hash with a Predictable Salt
Dec 11, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-7548 CRITICAL
Smartlink PowerTag Wiser Series Gateways - Info Disclosure
Dec 01, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-7547 HIGH
EcoStruxure and SmartStruxure Power Monitoring and SCADA Software - Improper Access Control via Web Interface
Dec 01, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-7546 MEDIUM
EcoStruxure and SmartStruxure Power Monitoring and SCADA Software - Cross-Site Scripting
Dec 01, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-7545 HIGH
EcoStruxure & SmartStruxure Power Monitoring/SCADA - Authenticated RCE via Web Access
Dec 01, 2020
CVSS 7.2
EPSS 0.02
CVE-2020-7533 CRITICAL
Schneider Electric Modicon M340 RCE via Crafted HTTP Requests
Dec 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7573 MEDIUM
EcoStruxure Building Operation WebReports 1.9-3.1 - Improper Access Control
Nov 19, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-7572 HIGH
EcoStruxure Building Operation WebReports 1.9-3.1 - Authenticated XML External Entity Injection
Nov 19, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-7571 MEDIUM
EcoStruxure Building Operation WebReports 1.9-3.1 - Reflected Cross-Site Scripting
Nov 19, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-7570 MEDIUM
EcoStruxure Building Operation WebReports 1.9-3.1 - Authenticated Stored Cross-Site Scripting
Nov 19, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-7569 HIGH
EcoStruxure Building Operation WebReports 1.9-3.1 - Authenticated Remote Code Execution via Unrestricted File Upload
Nov 19, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-7568 MEDIUM
Modicon M221 Firmware - Exposure of Sensitive Information via Traffic Capture
Nov 19, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-7567 MEDIUM
Modicon M221 Firmware - Missing Encryption of Sensitive Data
Nov 19, 2020
CVSS 5.7
EPSS 0.00
CVE-2020-7566 HIGH
Modicon M221 Firmware - Small Space of Random Values in Encryption Key Generation
Nov 19, 2020
CVSS 7.3
EPSS 0.00
CVE-2020-7565 HIGH
Modicon M221 Firmware - Inadequate Encryption Strength
Nov 19, 2020
CVSS 7.3
EPSS 0.00
CVE-2020-7561 CRITICAL
Easergy T300 Firmware < 2.7 - Unauthenticated Improper Access Control
Nov 19, 2020
CVSS 9.8
EPSS 0.03