← Back

Schneider Electric

schneider-electric

771 CVEs • 1,745 products

Products (1,745)

Click to collapse
Toggle
Struxureware Data Center Expert
struxureware_data_center_expert
48 CVEs
Interactive Graphical Scada System
interactive_graphical_scada_system
43 CVEs
Modicon M580 Firmware
modicon_m580_firmware
41 CVEs
Modicon M340 Firmware
modicon_m340_firmware
39 CVEs
Modicon M340 Bmxp342020 Firmware
modicon_m340_bmxp342020_firmware
32 CVEs
Modicon M340 Bmxp3420302 Firmware
modicon_m340_bmxp3420302_firmware
28 CVEs
Modicon M340 Bmxp341000 Firmware
modicon_m340_bmxp341000_firmware
27 CVEs
Ecostruxure Control Expert
ecostruxure_control_expert
26 CVEs
Modicon M340 Bmxp342000 Firmware
modicon_m340_bmxp342000_firmware
25 CVEs
Modicon M340 Bmxp3420102 Firmware
modicon_m340_bmxp3420102_firmware
25 CVEs
Modicon Quantum Firmware
modicon_quantum_firmware
25 CVEs
U.motion Builder
u.motion_builder
24 CVEs
Easergy T300 Firmware
easergy_t300_firmware
24 CVEs
Modicon Premium Firmware
modicon_premium_firmware
23 CVEs
140cpu65150 Firmware
140cpu65150_firmware
20 CVEs
Evlink City Evc1s22p4 Firmware
evlink_city_evc1s22p4_firmware
18 CVEs
Evlink City Evc1s7p4 Firmware
evlink_city_evc1s7p4_firmware
18 CVEs
Evlink Parking Evw2 Firmware
evlink_parking_evw2_firmware
18 CVEs
Evlink Parking Evf2 Firmware
evlink_parking_evf2_firmware
18 CVEs
Evlink Smart Wallbox Evb1a Firmware
evlink_smart_wallbox_evb1a_firmware
18 CVEs
Modicon M340 Bmxp3420102cl Firmware
modicon_m340_bmxp3420102cl_firmware
17 CVEs
Spacelynk Firmware
spacelynk_firmware
17 CVEs
Modicon M340 Bmxp342020h Firmware
modicon_m340_bmxp342020h_firmware
16 CVEs
Modicon M340 Bmxp3420302h Firmware
modicon_m340_bmxp3420302h_firmware
16 CVEs
Modicon M221 Firmware
modicon_m221_firmware
16 CVEs
Modicon M340 Bmxp3420302cl Firmware
modicon_m340_bmxp3420302cl_firmware
16 CVEs
Imps110 1er Firmware
imps110-1er_firmware
15 CVEs
Ibps110 1er Firmware
ibps110-1er_firmware
15 CVEs
Imp1110 1 Firmware
imp1110-1_firmware
15 CVEs
Imp1110 1e Firmware
imp1110-1e_firmware
15 CVEs
Imp1110 1er Firmware
imp1110-1er_firmware
15 CVEs
Ibp1110 1er Firmware
ibp1110-1er_firmware
15 CVEs
Imp219 1 Firmware
imp219-1_firmware
15 CVEs
Imp219 1e Firmware
imp219-1e_firmware
15 CVEs
Imp219 1er Firmware
imp219-1er_firmware
15 CVEs
Ibp219 1er Firmware
ibp219-1er_firmware
15 CVEs
Imp319 1 Firmware
imp319-1_firmware
15 CVEs
Imp319 1e Firmware
imp319-1e_firmware
15 CVEs
Ibp319 1er Firmware
ibp319-1er_firmware
15 CVEs
Imp519 1 Firmware
imp519-1_firmware
15 CVEs
Imp319 1er Firmware
imp319-1er_firmware
15 CVEs
Imp519 1e Firmware
imp519-1e_firmware
15 CVEs
Imp519 1er Firmware
imp519-1er_firmware
15 CVEs
Ibp519 1er Firmware
ibp519-1er_firmware
15 CVEs
Imps110 1e Firmware
imps110-1e_firmware
15 CVEs
Bmxnoe0100 Firmware
bmxnoe0100_firmware
14 CVEs
Bmxnoe0110 Firmware
bmxnoe0110_firmware
14 CVEs
Bmxnor0200h Firmware
bmxnor0200h_firmware
14 CVEs
Ecostruxure Process Expert
ecostruxure_process_expert
14 CVEs
Modicon M340 Bmxp342030 Firmware
modicon_m340_bmxp342030_firmware
13 CVEs
140cpu65160 Firmware
140cpu65160_firmware
13 CVEs
Ecostruxure Power Monitoring Expert
ecostruxure_power_monitoring_expert
13 CVEs
Evlink Parking Ev.2 Firmware
evlink_parking_ev.2_firmware
13 CVEs
Bmxnoc0401 Firmware
bmxnoc0401_firmware
12 CVEs
Mps110 1 Firmware
mps110-1_firmware
12 CVEs
140cpu65260 Firmware
140cpu65260_firmware
12 CVEs
Modicon M580 Bmep584040 Firmware
modicon_m580_bmep584040_firmware
12 CVEs
Modicon M580 Bmep586040 Firmware
modicon_m580_bmep586040_firmware
12 CVEs
Modicon M580 Bmep581020 Firmware
modicon_m580_bmep581020_firmware
12 CVEs
Modicon M580 Bmep582020 Firmware
modicon_m580_bmep582020_firmware
12 CVEs
Modicon M580 Bmep582040 Firmware
modicon_m580_bmep582040_firmware
12 CVEs
Modicon M580 Bmep583020 Firmware
modicon_m580_bmep583020_firmware
12 CVEs
Modicon M580 Bmep583040 Firmware
modicon_m580_bmep583040_firmware
12 CVEs
Modicon M580 Bmep584020 Firmware
modicon_m580_bmep584020_firmware
12 CVEs
Modicon M580 Bmep585040 Firmware
modicon_m580_bmep585040_firmware
12 CVEs
Ecostruxure Operator Terminal Expert
ecostruxure_operator_terminal_expert
12 CVEs
Tsxp574634m Firmware
tsxp574634m_firmware
11 CVEs
Tsxety4103 Firmware
tsxety4103_firmware
11 CVEs
Tsxety5103 Firmware
tsxety5103_firmware
11 CVEs
Tsxp575634m Firmware
tsxp575634m_firmware
11 CVEs
Tsxp576634m Firmware
tsxp576634m_firmware
11 CVEs
Tsxp571634m Firmware
tsxp571634m_firmware
11 CVEs
Tsxp572634m Firmware
tsxp572634m_firmware
11 CVEs
Tsxp573634m Firmware
tsxp573634m_firmware
11 CVEs
140cpu65860 Firmware
140cpu65860_firmware
11 CVEs
140cpu65160s Firmware
140cpu65160s_firmware
11 CVEs
Tsxp574634 Firmware
tsxp574634_firmware
11 CVEs
Tsxp575634 Firmware
tsxp575634_firmware
11 CVEs
Tsxp576634 Firmware
tsxp576634_firmware
11 CVEs
Modicon M340 Bmxp342030h Firmware
modicon_m340_bmxp342030h_firmware
10 CVEs
Proclima
proclima
10 CVEs
Tsxh5724m Firmware
tsxh5724m_firmware
10 CVEs
Tsxh5744m Firmware
tsxh5744m_firmware
10 CVEs
Tsxp57104m Firmware
tsxp57104m_firmware
10 CVEs
Tsxp57154m Firmware
tsxp57154m_firmware
10 CVEs
Tsxp57204m Firmware
tsxp57204m_firmware
10 CVEs
Tsxp57254m Firmware
tsxp57254m_firmware
10 CVEs
Tsxp57304m Firmware
tsxp57304m_firmware
10 CVEs
Tsxp57454m Firmware
tsxp57454m_firmware
10 CVEs
Tsxp57554m Firmware
tsxp57554m_firmware
10 CVEs
Homelynk Firmware
homelynk_firmware
10 CVEs
Modicon M340 Bmxp342010 Firmware
modicon_m340_bmxp342010_firmware
9 CVEs
Tsxp57354m Firmware
tsxp57354m_firmware
9 CVEs
Ecostruxure Geo Scada Expert 2019
ecostruxure_geo_scada_expert_2019
9 CVEs
Ecostruxure Geo Scada Expert 2020
ecostruxure_geo_scada_expert_2020
9 CVEs
Igss Dashboard
igss_dashboard
9 CVEs
Modicon M251 Firmware
modicon_m251_firmware
8 CVEs
Modicon M241 Firmware
modicon_m241_firmware
8 CVEs
Clearscada
clearscada
8 CVEs
Wiser For Knx Firmware
wiser_for_knx_firmware
8 CVEs

CVEs (771)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-7792
1Schneider Electric
1Modicon M221 Firmware
May 29, 2026
Aug 29, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to de...Show more
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.Show less
CVE-2018-7791
1Schneider Electric
1Modicon M221 Firmware
May 29, 2026
Aug 29, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to ov...Show more
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.Show less
CVE-2018-7790
1Schneider Electric
1Modicon M221 Firmware
May 29, 2026
Aug 29, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentic...Show more
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.Show less
CVE-2018-7795
1Schneider Electric
1Powerlogic Pm5560 Firmware
May 29, 2026
Aug 29, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web bro...Show more
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.Show less
CVE-2018-7789
1Schneider Electric
1Modicon M221 Firmware
May 29, 2026
Aug 29, 2018
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized u...Show more
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.Show less
CVE-2018-3693
7Arm
FujitsuIntel+4 more
225Atom C
Atom EAtom X3+222 more
Nov 21, 2024
Jul 10, 2018
N/A· v4
5.6 MEDIUM· v3
4.7 MEDIUM· v2
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel...Show more
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.Show less
CVE-2018-7787
1Schneider Electric
1U.motion Builder
Nov 21, 2024
Jul 3, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.
CVE-2018-7786
1Schneider Electric
1U.motion Builder
Nov 21, 2024
Jul 3, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.
CVE-2018-7785
1Schneider Electric
1U.motion Builder
Nov 21, 2024
Jul 3, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
CVE-2018-7784
1Schneider Electric
1U.motion
Nov 21, 2024
Jul 3, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execu...Show more
In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.Show less
CVE-2018-7783
1Schneider Electric
1Somachine Basic
Nov 21, 2024
Jul 3, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affec...Show more
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file.Show less
CVE-2018-7782
1Schneider Electric
20Ibp1110 1er Firmware
Ibp219 1er FirmwareIbp319 1er Firmware+17 more
Nov 21, 2024
Jul 3, 2018
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.
CVE-2018-7781
1Schneider Electric
20Ibp1110 1er Firmware
Ibp219 1er FirmwareIbp319 1er Firmware+17 more
Nov 21, 2024
Jul 3, 2018
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in p...Show more
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.Show less
CVE-2018-7780
1Schneider Electric
20Ibp1110 1er Firmware
Ibp219 1er FirmwareIbp319 1er Firmware+17 more
Nov 21, 2024
Jul 3, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set".
CVE-2018-7779
1Schneider Electric
3Homelynk Firmware
Spacelynk FirmwareWiser For Knx Firmware
Nov 21, 2024
Jul 3, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access.
CVE-2018-7778
1Schneider Electric
1Evlink Charging Station Firmware
Nov 21, 2024
Jul 3, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users...Show more
In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.Show less
CVE-2018-7777
1Schneider Electric
1U.motion Builder
Nov 21, 2024
Jul 3, 2018
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can explo...Show more
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.Show less
CVE-2018-7776
1Schneider Electric
1U.motion Builder
Nov 21, 2024
Jul 3, 2018
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.
CVE-2018-7774
1Schneider Electric
1U.motion Builder
Nov 21, 2024
Jul 3, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input...Show more
The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.Show less
CVE-2018-7773
1Schneider Electric
1U.motion Builder
Nov 21, 2024
Jul 3, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid inpu...Show more
The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.Show less