← Back

Schneider Electric

schneider-electric

771 CVEs • 1,745 products

Products (1,745)

Click to collapse
Toggle
Struxureware Data Center Expert
struxureware_data_center_expert
48 CVEs
Interactive Graphical Scada System
interactive_graphical_scada_system
43 CVEs
Modicon M580 Firmware
modicon_m580_firmware
41 CVEs
Modicon M340 Firmware
modicon_m340_firmware
39 CVEs
Modicon M340 Bmxp342020 Firmware
modicon_m340_bmxp342020_firmware
32 CVEs
Modicon M340 Bmxp3420302 Firmware
modicon_m340_bmxp3420302_firmware
28 CVEs
Modicon M340 Bmxp341000 Firmware
modicon_m340_bmxp341000_firmware
27 CVEs
Ecostruxure Control Expert
ecostruxure_control_expert
26 CVEs
Modicon M340 Bmxp342000 Firmware
modicon_m340_bmxp342000_firmware
25 CVEs
Modicon M340 Bmxp3420102 Firmware
modicon_m340_bmxp3420102_firmware
25 CVEs
Modicon Quantum Firmware
modicon_quantum_firmware
25 CVEs
U.motion Builder
u.motion_builder
24 CVEs
Easergy T300 Firmware
easergy_t300_firmware
24 CVEs
Modicon Premium Firmware
modicon_premium_firmware
23 CVEs
140cpu65150 Firmware
140cpu65150_firmware
20 CVEs
Evlink City Evc1s22p4 Firmware
evlink_city_evc1s22p4_firmware
18 CVEs
Evlink City Evc1s7p4 Firmware
evlink_city_evc1s7p4_firmware
18 CVEs
Evlink Parking Evw2 Firmware
evlink_parking_evw2_firmware
18 CVEs
Evlink Parking Evf2 Firmware
evlink_parking_evf2_firmware
18 CVEs
Evlink Smart Wallbox Evb1a Firmware
evlink_smart_wallbox_evb1a_firmware
18 CVEs
Modicon M340 Bmxp3420102cl Firmware
modicon_m340_bmxp3420102cl_firmware
17 CVEs
Spacelynk Firmware
spacelynk_firmware
17 CVEs
Modicon M340 Bmxp342020h Firmware
modicon_m340_bmxp342020h_firmware
16 CVEs
Modicon M340 Bmxp3420302h Firmware
modicon_m340_bmxp3420302h_firmware
16 CVEs
Modicon M221 Firmware
modicon_m221_firmware
16 CVEs
Modicon M340 Bmxp3420302cl Firmware
modicon_m340_bmxp3420302cl_firmware
16 CVEs
Imps110 1er Firmware
imps110-1er_firmware
15 CVEs
Ibps110 1er Firmware
ibps110-1er_firmware
15 CVEs
Imp1110 1 Firmware
imp1110-1_firmware
15 CVEs
Imp1110 1e Firmware
imp1110-1e_firmware
15 CVEs
Imp1110 1er Firmware
imp1110-1er_firmware
15 CVEs
Ibp1110 1er Firmware
ibp1110-1er_firmware
15 CVEs
Imp219 1 Firmware
imp219-1_firmware
15 CVEs
Imp219 1e Firmware
imp219-1e_firmware
15 CVEs
Imp219 1er Firmware
imp219-1er_firmware
15 CVEs
Ibp219 1er Firmware
ibp219-1er_firmware
15 CVEs
Imp319 1 Firmware
imp319-1_firmware
15 CVEs
Imp319 1e Firmware
imp319-1e_firmware
15 CVEs
Ibp319 1er Firmware
ibp319-1er_firmware
15 CVEs
Imp519 1 Firmware
imp519-1_firmware
15 CVEs
Imp319 1er Firmware
imp319-1er_firmware
15 CVEs
Imp519 1e Firmware
imp519-1e_firmware
15 CVEs
Imp519 1er Firmware
imp519-1er_firmware
15 CVEs
Ibp519 1er Firmware
ibp519-1er_firmware
15 CVEs
Imps110 1e Firmware
imps110-1e_firmware
15 CVEs
Bmxnoe0100 Firmware
bmxnoe0100_firmware
14 CVEs
Bmxnoe0110 Firmware
bmxnoe0110_firmware
14 CVEs
Bmxnor0200h Firmware
bmxnor0200h_firmware
14 CVEs
Ecostruxure Process Expert
ecostruxure_process_expert
14 CVEs
Modicon M340 Bmxp342030 Firmware
modicon_m340_bmxp342030_firmware
13 CVEs
140cpu65160 Firmware
140cpu65160_firmware
13 CVEs
Ecostruxure Power Monitoring Expert
ecostruxure_power_monitoring_expert
13 CVEs
Evlink Parking Ev.2 Firmware
evlink_parking_ev.2_firmware
13 CVEs
Bmxnoc0401 Firmware
bmxnoc0401_firmware
12 CVEs
Mps110 1 Firmware
mps110-1_firmware
12 CVEs
140cpu65260 Firmware
140cpu65260_firmware
12 CVEs
Modicon M580 Bmep584040 Firmware
modicon_m580_bmep584040_firmware
12 CVEs
Modicon M580 Bmep586040 Firmware
modicon_m580_bmep586040_firmware
12 CVEs
Modicon M580 Bmep581020 Firmware
modicon_m580_bmep581020_firmware
12 CVEs
Modicon M580 Bmep582020 Firmware
modicon_m580_bmep582020_firmware
12 CVEs
Modicon M580 Bmep582040 Firmware
modicon_m580_bmep582040_firmware
12 CVEs
Modicon M580 Bmep583020 Firmware
modicon_m580_bmep583020_firmware
12 CVEs
Modicon M580 Bmep583040 Firmware
modicon_m580_bmep583040_firmware
12 CVEs
Modicon M580 Bmep584020 Firmware
modicon_m580_bmep584020_firmware
12 CVEs
Modicon M580 Bmep585040 Firmware
modicon_m580_bmep585040_firmware
12 CVEs
Ecostruxure Operator Terminal Expert
ecostruxure_operator_terminal_expert
12 CVEs
Tsxp574634m Firmware
tsxp574634m_firmware
11 CVEs
Tsxety4103 Firmware
tsxety4103_firmware
11 CVEs
Tsxety5103 Firmware
tsxety5103_firmware
11 CVEs
Tsxp575634m Firmware
tsxp575634m_firmware
11 CVEs
Tsxp576634m Firmware
tsxp576634m_firmware
11 CVEs
Tsxp571634m Firmware
tsxp571634m_firmware
11 CVEs
Tsxp572634m Firmware
tsxp572634m_firmware
11 CVEs
Tsxp573634m Firmware
tsxp573634m_firmware
11 CVEs
140cpu65860 Firmware
140cpu65860_firmware
11 CVEs
140cpu65160s Firmware
140cpu65160s_firmware
11 CVEs
Tsxp574634 Firmware
tsxp574634_firmware
11 CVEs
Tsxp575634 Firmware
tsxp575634_firmware
11 CVEs
Tsxp576634 Firmware
tsxp576634_firmware
11 CVEs
Modicon M340 Bmxp342030h Firmware
modicon_m340_bmxp342030h_firmware
10 CVEs
Proclima
proclima
10 CVEs
Tsxh5724m Firmware
tsxh5724m_firmware
10 CVEs
Tsxh5744m Firmware
tsxh5744m_firmware
10 CVEs
Tsxp57104m Firmware
tsxp57104m_firmware
10 CVEs
Tsxp57154m Firmware
tsxp57154m_firmware
10 CVEs
Tsxp57204m Firmware
tsxp57204m_firmware
10 CVEs
Tsxp57254m Firmware
tsxp57254m_firmware
10 CVEs
Tsxp57304m Firmware
tsxp57304m_firmware
10 CVEs
Tsxp57454m Firmware
tsxp57454m_firmware
10 CVEs
Tsxp57554m Firmware
tsxp57554m_firmware
10 CVEs
Homelynk Firmware
homelynk_firmware
10 CVEs
Modicon M340 Bmxp342010 Firmware
modicon_m340_bmxp342010_firmware
9 CVEs
Tsxp57354m Firmware
tsxp57354m_firmware
9 CVEs
Ecostruxure Geo Scada Expert 2019
ecostruxure_geo_scada_expert_2019
9 CVEs
Ecostruxure Geo Scada Expert 2020
ecostruxure_geo_scada_expert_2020
9 CVEs
Igss Dashboard
igss_dashboard
9 CVEs
Modicon M251 Firmware
modicon_m251_firmware
8 CVEs
Modicon M241 Firmware
modicon_m241_firmware
8 CVEs
Clearscada
clearscada
8 CVEs
Wiser For Knx Firmware
wiser_for_knx_firmware
8 CVEs

CVEs (771)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-6332
1Schneider Electric
1Ecostruxure Machine Expert Hvac
May 27, 2026
May 14, 2026
6.8 MEDIUM· v4
7.5 HIGH· v3
N/A· v2
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When...Show more
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it.Show less
CVE-2026-2405
1Schneider Electric
1Powerchute Serial Shutdown
Apr 22, 2026
Apr 14, 2026
5.3 MEDIUM· v4
6.5 MEDIUM· v3
N/A· v2
CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests.
CVE-2026-2404
1Schneider Electric
1Powerchute Serial Shutdown
Apr 22, 2026
Apr 14, 2026
6.9 MEDIUM· v4
5.3 MEDIUM· v3
N/A· v2
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.
CVE-2026-2403
1Schneider Electric
1Powerchute Serial Shutdown
Apr 22, 2026
Apr 14, 2026
5.3 MEDIUM· v4
4.3 MEDIUM· v3
N/A· v2
CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload.
CVE-2026-2402
1Schneider Electric
1Powerchute Serial Shutdown
Apr 22, 2026
Apr 14, 2026
6.9 MEDIUM· v4
5.3 MEDIUM· v3
N/A· v2
CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with dif...Show more
CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.Show less
CVE-2026-2401
1Schneider Electric
1Powerchute Serial Shutdown
Apr 22, 2026
Apr 14, 2026
2.4 LOW· v4
5.0 MEDIUM· v3
N/A· v2
CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker.
CVE-2026-2400
1Schneider Electric
1Powerchute Serial Shutdown
Apr 22, 2026
Apr 14, 2026
5.3 MEDIUM· v4
4.3 MEDIUM· v3
N/A· v2
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.
CVE-2026-2399
1Schneider Electric
1Powerchute Serial Shutdown
Apr 22, 2026
Apr 14, 2026
6.9 MEDIUM· v4
6.1 MEDIUM· v3
N/A· v2
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep r...Show more
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload.Show less
CVE-2025-13845
1Schneider Electric
1Ecostruxure Power Build Rapsody
Apr 27, 2026
Jan 15, 2026
8.4 HIGH· v4
7.8 HIGH· v3
N/A· v2
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
CVE-2025-13844
1Schneider Electric
1Ecostruxure Power Build Rapsody
Mar 3, 2026
Jan 15, 2026
8.4 HIGH· v4
5.3 MEDIUM· v3
N/A· v2
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.
CVE-2024-9409
1Schneider Electric
3Powerlogic Pm5320 Firmware
Powerlogic Pm5340 FirmwarePowerlogic Pm5341 Firmware
Nov 19, 2024
Nov 13, 2024
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network.
CVE-2024-10575
1Schneider Electric
1Ecostruxure It Gateway
Nov 19, 2024
Nov 13, 2024
10.0 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.
CVE-2024-8422
1Schneider Electric
1Zelio Soft 2
Oct 16, 2024
Oct 8, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file.
CVE-2024-8306
1Schneider Electric
2Vijeo Designer
Vijeo Designer Embedded In Ecostruxure Machine Expert
Sep 18, 2024
Sep 11, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform...Show more
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries.Show less
CVE-2024-6407
1Schneider Electric
1Whc 5918a Firmware
Nov 21, 2024
Jul 11, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.
CVE-2024-6528
1Schneider Electric
5Modicon Lmc058 Firmware
Modicon M241 FirmwareModicon M251 Firmware+2 more
Nov 21, 2024
Jul 11, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a vi...Show more
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.Show less
CVE-2024-5681
1Schneider Electric
1Ecostruxure Foxboro Dcs Control Core Services
Nov 21, 2024
Jul 11, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/progra...Show more
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.Show less
CVE-2024-5680
1Schneider Electric
1Ecostruxure Foxboro Dcs Control Core Services
Nov 21, 2024
Jul 11, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys drive...Show more
CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.Show less
CVE-2024-5679
1Schneider Electric
1Ecostruxure Foxboro Dcs Control Core Services
Nov 21, 2024
Jul 11, 2024
N/A· v4
7.1 HIGH· v3
N/A· v2
CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.s...Show more
CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.Show less
CVE-2024-2602
1Schneider Electric
1Foxrtu Station
Nov 21, 2024
Jul 11, 2024
N/A· v4
7.8 HIGH· v3
N/A· v2
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has bee...Show more
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor.Show less