schneider-electric

776 tracked vulnerabilities.

CVE-2024-6528 MEDIUM
Schneider Electric Modicon PLCs - Cross-Site Scripting
Jul 11, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-5681 HIGH
EcoStruxure Foxboro DCS Control Core Services < 9.8 - Local DoS & Privilege Escalation via Foxboro.sys IOCTL
Jul 11, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-5680 HIGH
EcoStruxure Foxboro DCS Control Core Services < 9.8 - Local Denial of Service via Foxboro.sys IOCTL Call
Jul 11, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-5679 HIGH
EcoStruxure Foxboro DCS Control Core Services < 9.8 - Out-of-Bounds Write via Foxboro.sys IOCTL Call
Jul 11, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-2602 HIGH
Schneider Electric FoxRTU Station <= 9.3.0 - Path Traversal
Jul 11, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-5559 MEDIUM
PowerLogic P5 Firmware < 01.500.104 - Denial of Service and Remote Code Execution via Reset Token
Jun 12, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-2747 HIGH
Easergy Studio < 9.3.3 - Unquoted Search Path Privilege Escalation
Jun 12, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-0865 HIGH
EcoStruxure IT Gateway < 1.21.0 - Local Privilege Escalation via Hard-coded Credentials
Jun 12, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-5560 MEDIUM
Sage RTU Firmware < c3414-500-s02k5_p9 - Denial of Service via Crafted HTTP Request
Jun 12, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-5558 MEDIUM
Schneider Electric SpaceLogic AS-B and AS-P Firmware < 6.0.1 - Privilege Escalation via TOCTOU Race Condition
Jun 12, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-5557 MEDIUM
Schneider Electric SpaceLogic AS-B and AS-P Firmware < 6.0.1 - Sensitive Information Exposure via Log File
Jun 12, 2024
CVSS 4.5
EPSS 0.00
CVE-2024-37040 MEDIUM
Sage RTU Firmware < c3414-500-s02k5_p9 - Authenticated Denial of Service via Malformed HTTP Request
Jun 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-37039 MEDIUM
Sage RTU Firmware < c3414-500-s02k5_p9 - Denial of Service via Crafted HTTP Request
Jun 12, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-37038 HIGH
Schneider Electric SAGE RTU < c3414-500-s02k5_p9 - Authenticated Unauthorized File/Firmware Upload
Jun 12, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-37037 HIGH
Sage RTU Firmware < c3414-500-s02k5_p9 - Authenticated Path Traversal via Crafted HTTP Request
Jun 12, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-37036 CRITICAL
Sage RTU Firmware < c3414-500-s02k5_p8 - Authentication Bypass via Malformed POST Request
Jun 12, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-5313 MEDIUM
EVlink Home Firmware - Exposure of SSH Interface to Unauthorized Network Access
Jun 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-5056 MEDIUM
Modicon M340 Firmware - Files or Directories Accessible to External Parties
Jun 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-6409 HIGH
EcoStruxure Control Expert - Info Disclosure
Feb 14, 2024
CVSS 7.7
EPSS 0.00
CVE-2023-6408 HIGH
Schneider Electric EcoStruxure Control Expert and Process Expert - Denial of Service via Man-in-the-Middle Attack
Feb 14, 2024
CVSS 8.1
EPSS 0.00
CVE-2023-27975 HIGH
EcoStruxure Control Expert < 16.0 and EcoStruxure Process Expert < 2023 - Unauthorized Access via Memory Tampering
Feb 14, 2024
CVSS 7.1
EPSS 0.00
CVE-2023-7032 HIGH
Easergy Studio < 9.3.5 - Authenticated Privilege Escalation via Deserialization of Untrusted Data
Jan 09, 2024
CVSS 7.8
EPSS 0.00
CVE-2023-6407 MEDIUM
Schneider Electric Easy UPS Online Monitoring Software <= 2.6-ga-01-23248 - Path Traversal
Dec 14, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-5630 MEDIUM
Schneider-electric Eb450 Firmware - Download Without Integrity Check
Dec 14, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-5629 HIGH
Schneider-electric Eb450 Firmware < 2.7.0 - Open Redirect
Dec 14, 2023
CVSS 8.2
EPSS 0.00