← Back

Schneider Electric

schneider-electric

771 CVEs • 1,745 products

Products (1,745)

Click to collapse
Toggle
Struxureware Data Center Expert
struxureware_data_center_expert
48 CVEs
Interactive Graphical Scada System
interactive_graphical_scada_system
43 CVEs
Modicon M580 Firmware
modicon_m580_firmware
41 CVEs
Modicon M340 Firmware
modicon_m340_firmware
39 CVEs
Modicon M340 Bmxp342020 Firmware
modicon_m340_bmxp342020_firmware
32 CVEs
Modicon M340 Bmxp3420302 Firmware
modicon_m340_bmxp3420302_firmware
28 CVEs
Modicon M340 Bmxp341000 Firmware
modicon_m340_bmxp341000_firmware
27 CVEs
Ecostruxure Control Expert
ecostruxure_control_expert
26 CVEs
Modicon M340 Bmxp342000 Firmware
modicon_m340_bmxp342000_firmware
25 CVEs
Modicon M340 Bmxp3420102 Firmware
modicon_m340_bmxp3420102_firmware
25 CVEs
Modicon Quantum Firmware
modicon_quantum_firmware
25 CVEs
U.motion Builder
u.motion_builder
24 CVEs
Easergy T300 Firmware
easergy_t300_firmware
24 CVEs
Modicon Premium Firmware
modicon_premium_firmware
23 CVEs
140cpu65150 Firmware
140cpu65150_firmware
20 CVEs
Evlink City Evc1s22p4 Firmware
evlink_city_evc1s22p4_firmware
18 CVEs
Evlink City Evc1s7p4 Firmware
evlink_city_evc1s7p4_firmware
18 CVEs
Evlink Parking Evw2 Firmware
evlink_parking_evw2_firmware
18 CVEs
Evlink Parking Evf2 Firmware
evlink_parking_evf2_firmware
18 CVEs
Evlink Smart Wallbox Evb1a Firmware
evlink_smart_wallbox_evb1a_firmware
18 CVEs
Modicon M340 Bmxp3420102cl Firmware
modicon_m340_bmxp3420102cl_firmware
17 CVEs
Spacelynk Firmware
spacelynk_firmware
17 CVEs
Modicon M340 Bmxp342020h Firmware
modicon_m340_bmxp342020h_firmware
16 CVEs
Modicon M340 Bmxp3420302h Firmware
modicon_m340_bmxp3420302h_firmware
16 CVEs
Modicon M221 Firmware
modicon_m221_firmware
16 CVEs
Modicon M340 Bmxp3420302cl Firmware
modicon_m340_bmxp3420302cl_firmware
16 CVEs
Imps110 1er Firmware
imps110-1er_firmware
15 CVEs
Ibps110 1er Firmware
ibps110-1er_firmware
15 CVEs
Imp1110 1 Firmware
imp1110-1_firmware
15 CVEs
Imp1110 1e Firmware
imp1110-1e_firmware
15 CVEs
Imp1110 1er Firmware
imp1110-1er_firmware
15 CVEs
Ibp1110 1er Firmware
ibp1110-1er_firmware
15 CVEs
Imp219 1 Firmware
imp219-1_firmware
15 CVEs
Imp219 1e Firmware
imp219-1e_firmware
15 CVEs
Imp219 1er Firmware
imp219-1er_firmware
15 CVEs
Ibp219 1er Firmware
ibp219-1er_firmware
15 CVEs
Imp319 1 Firmware
imp319-1_firmware
15 CVEs
Imp319 1e Firmware
imp319-1e_firmware
15 CVEs
Ibp319 1er Firmware
ibp319-1er_firmware
15 CVEs
Imp519 1 Firmware
imp519-1_firmware
15 CVEs
Imp319 1er Firmware
imp319-1er_firmware
15 CVEs
Imp519 1e Firmware
imp519-1e_firmware
15 CVEs
Imp519 1er Firmware
imp519-1er_firmware
15 CVEs
Ibp519 1er Firmware
ibp519-1er_firmware
15 CVEs
Imps110 1e Firmware
imps110-1e_firmware
15 CVEs
Bmxnoe0100 Firmware
bmxnoe0100_firmware
14 CVEs
Bmxnoe0110 Firmware
bmxnoe0110_firmware
14 CVEs
Bmxnor0200h Firmware
bmxnor0200h_firmware
14 CVEs
Ecostruxure Process Expert
ecostruxure_process_expert
14 CVEs
Modicon M340 Bmxp342030 Firmware
modicon_m340_bmxp342030_firmware
13 CVEs
140cpu65160 Firmware
140cpu65160_firmware
13 CVEs
Ecostruxure Power Monitoring Expert
ecostruxure_power_monitoring_expert
13 CVEs
Evlink Parking Ev.2 Firmware
evlink_parking_ev.2_firmware
13 CVEs
Bmxnoc0401 Firmware
bmxnoc0401_firmware
12 CVEs
Mps110 1 Firmware
mps110-1_firmware
12 CVEs
140cpu65260 Firmware
140cpu65260_firmware
12 CVEs
Modicon M580 Bmep584040 Firmware
modicon_m580_bmep584040_firmware
12 CVEs
Modicon M580 Bmep586040 Firmware
modicon_m580_bmep586040_firmware
12 CVEs
Modicon M580 Bmep581020 Firmware
modicon_m580_bmep581020_firmware
12 CVEs
Modicon M580 Bmep582020 Firmware
modicon_m580_bmep582020_firmware
12 CVEs
Modicon M580 Bmep582040 Firmware
modicon_m580_bmep582040_firmware
12 CVEs
Modicon M580 Bmep583020 Firmware
modicon_m580_bmep583020_firmware
12 CVEs
Modicon M580 Bmep583040 Firmware
modicon_m580_bmep583040_firmware
12 CVEs
Modicon M580 Bmep584020 Firmware
modicon_m580_bmep584020_firmware
12 CVEs
Modicon M580 Bmep585040 Firmware
modicon_m580_bmep585040_firmware
12 CVEs
Ecostruxure Operator Terminal Expert
ecostruxure_operator_terminal_expert
12 CVEs
Tsxp574634m Firmware
tsxp574634m_firmware
11 CVEs
Tsxety4103 Firmware
tsxety4103_firmware
11 CVEs
Tsxety5103 Firmware
tsxety5103_firmware
11 CVEs
Tsxp575634m Firmware
tsxp575634m_firmware
11 CVEs
Tsxp576634m Firmware
tsxp576634m_firmware
11 CVEs
Tsxp571634m Firmware
tsxp571634m_firmware
11 CVEs
Tsxp572634m Firmware
tsxp572634m_firmware
11 CVEs
Tsxp573634m Firmware
tsxp573634m_firmware
11 CVEs
140cpu65860 Firmware
140cpu65860_firmware
11 CVEs
140cpu65160s Firmware
140cpu65160s_firmware
11 CVEs
Tsxp574634 Firmware
tsxp574634_firmware
11 CVEs
Tsxp575634 Firmware
tsxp575634_firmware
11 CVEs
Tsxp576634 Firmware
tsxp576634_firmware
11 CVEs
Modicon M340 Bmxp342030h Firmware
modicon_m340_bmxp342030h_firmware
10 CVEs
Proclima
proclima
10 CVEs
Tsxh5724m Firmware
tsxh5724m_firmware
10 CVEs
Tsxh5744m Firmware
tsxh5744m_firmware
10 CVEs
Tsxp57104m Firmware
tsxp57104m_firmware
10 CVEs
Tsxp57154m Firmware
tsxp57154m_firmware
10 CVEs
Tsxp57204m Firmware
tsxp57204m_firmware
10 CVEs
Tsxp57254m Firmware
tsxp57254m_firmware
10 CVEs
Tsxp57304m Firmware
tsxp57304m_firmware
10 CVEs
Tsxp57454m Firmware
tsxp57454m_firmware
10 CVEs
Tsxp57554m Firmware
tsxp57554m_firmware
10 CVEs
Homelynk Firmware
homelynk_firmware
10 CVEs
Modicon M340 Bmxp342010 Firmware
modicon_m340_bmxp342010_firmware
9 CVEs
Tsxp57354m Firmware
tsxp57354m_firmware
9 CVEs
Ecostruxure Geo Scada Expert 2019
ecostruxure_geo_scada_expert_2019
9 CVEs
Ecostruxure Geo Scada Expert 2020
ecostruxure_geo_scada_expert_2020
9 CVEs
Igss Dashboard
igss_dashboard
9 CVEs
Modicon M251 Firmware
modicon_m251_firmware
8 CVEs
Modicon M241 Firmware
modicon_m241_firmware
8 CVEs
Clearscada
clearscada
8 CVEs
Wiser For Knx Firmware
wiser_for_knx_firmware
8 CVEs

CVEs (771)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-24324
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Feb 1, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. A...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)Show less
CVE-2021-22786
1Schneider Electric
41Modicon M340 Bmxp341000 Firmware
Modicon M340 Bmxp342000 FirmwareModicon M340 Bmxp3420102 Firmware+38 more
Nov 21, 2024
Feb 1, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modic...Show more
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)Show less
CVE-2023-22611
1Schneider Electric
3Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2020Ecostruxure Geo Scada Expert 2021
Nov 21, 2024
Jan 31, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected...Show more
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)Show less
CVE-2023-22610
1Schneider Electric
3Ecostruxure Geo Scada Expert 2019
Ecostruxure Geo Scada Expert 2020Ecostruxure Geo Scada Expert 2021
Nov 21, 2024
Jan 31, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.
CVE-2022-45789
1Schneider Electric
37Ecostruxure Control Expert
Ecostruxure Process ExpertModicon M340 Bmxp341000 Firmware+34 more
Nov 21, 2024
Jan 31, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: Eco...Show more
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions) Show less
CVE-2022-32748
1Schneider Electric
1Ecostruxure Cybersecurity Admin Expert
Nov 21, 2024
Jan 30, 2023
N/A· v4
8.3 HIGH· v3
N/A· v2
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enab...Show more
A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)Show less
CVE-2022-32747
1Schneider Electric
1Ecostruxure Cybersecurity Admin Expert
Nov 21, 2024
Jan 30, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected...Show more
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)Show less
CVE-2022-32529
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data re...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32528
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.1 CRITICAL· v3
N/A· v2
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service...Show more
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) Show less
CVE-2022-32527
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32526
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting val...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32525
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32524
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduce...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32523
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32522
1Schneider Electric
1Interactive Graphical Scada System
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematica...Show more
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)Show less
CVE-2022-32521
1Schneider Electric
1Data Center Expert
Nov 21, 2024
Jan 30, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Ex...Show more
A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)Show less
CVE-2022-32520
1Schneider Electric
1Data Center Expert
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518...Show more
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)Show less
CVE-2022-32519
1Schneider Electric
1Data Center Expert
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Ex...Show more
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)Show less
CVE-2022-32518
1Schneider Electric
1Data Center Expert
Nov 21, 2024
Jan 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520...Show more
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)Show less
CVE-2022-32517
1Schneider Electric
1Conext Combox Firmware
Nov 21, 2024
Jan 30, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the pr...Show more
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)Show less