MidnightBSD

Advisories for schneider-electric

CVE-2011-3143 HIGH

Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
schneider-electric scx_68 *
aveva clearscada 2005
schneider-electric scx_67 *
aveva clearscada 2007
aveva clearscada 2009
CVE-2011-3144 MEDIUM

Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric scx_68 *
aveva clearscada 2005
schneider-electric scx_67 *
aveva clearscada 2007
aveva clearscada 2009
CVE-2011-3330 HIGH

Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric monitor_pro *
schneider-electric opc_factory_server *
schneider-electric unity_pro *
schneider-electric vijeo_citect *
schneider-electric telemecanique_driver_pack *
schneider-electric pl7_pro *
CVE-2011-4033 MEDIUM

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric citecthistorian *
schneider-electric citecthistorian 4.20
schneider-electric vijeo_historian *
schneider-electric vijeo_historian 4.20
schneider-electric citectscada_reports *
schneider-electric citectscada_reports 4.0
schneider-electric vijeo_historian 4.0
schneider-electric vijeo_historian 4.10
CVE-2011-4034 HIGH

Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric citecthistorian *
schneider-electric citecthistorian 4.20
schneider-electric vijeo_historian *
schneider-electric vijeo_historian 4.20
schneider-electric citectscada_reports *
schneider-electric citectscada_reports 4.0
schneider-electric vijeo_historian 4.0
schneider-electric vijeo_historian 4.10
CVE-2011-4035 MEDIUM

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric citecthistorian *
schneider-electric citecthistorian 4.20
schneider-electric vijeo_historian *
schneider-electric vijeo_historian 4.20
schneider-electric citectscada_reports *
schneider-electric citectscada_reports 4.0
schneider-electric vijeo_historian 4.0
schneider-electric vijeo_historian 4.10
CVE-2011-4036 MEDIUM

Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric citecthistorian *
schneider-electric citecthistorian 4.20
schneider-electric vijeo_historian *
schneider-electric vijeo_historian 4.20
schneider-electric citectscada_reports *
schneider-electric citectscada_reports 4.0
schneider-electric vijeo_historian 4.0
schneider-electric vijeo_historian 4.10
CVE-2011-4859 HIGH

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric premium_ethernet_module_tsxp573634m *
schneider-electric premium_ethernet_module_tsxp57163m *
schneider-electric m340_ethernet_module_bmxnoe0100 *
schneider-electric quantum_ethernet_module_140cpu65150 *
schneider-electric premium_ethernet_module_tsxp576634m *
schneider-electric stb_dio_ethernet_module_stbnip2311 *
schneider-electric quantum_ethernet_module_140noe77111 *
schneider-electric quantum_ethernet_module_140cpu65160 *
schneider-electric premium_ethernet_module_tsxp575634m *
schneider-electric m340_ethernet_module_bmxp342020 *
schneider-electric premium_ethernet_module_tsxety5103 *
schneider-electric premium_ethernet_module_tsxp572634m *
schneider-electric m340_ethernet_module_bmxnoe0110 *
schneider-electric m340_ethernet_module_bmxp342030 *
schneider-electric stb_dio_ethernet_module_stbnic2212 *
schneider-electric quantum_ethernet_module_140noe77101 *
schneider-electric quantum_ethernet_module_140cpu65260 *
schneider-electric premium_ethernet_module_tsxety4103 *
schneider-electric premium_ethernet_module_tsxp574634m *
schneider-electric quantum_ethernet_module_140noe77100 *
schneider-electric stb_dio_ethernet_module_stbnip2212 *
CVE-2011-4860 HIGH

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric quantum_ethernet_module_140noe77101 *
schneider-electric quantum_ethernet_module_140noe77100 *
schneider-electric quantum_ethernet_module_140noe77111 *
CVE-2011-4861 HIGH

The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
schneider-electric quantum_ethernet_module_140noe77101 *
schneider-electric quantum_ethernet_module_140noe77100 *
schneider-electric quantum_ethernet_module_140noe77111 *
CVE-2011-5163 MEDIUM

Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric citectscada *
mitsubishi-automation mx4_scada *
CVE-2012-0929 HIGH

Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_plc -
CVE-2012-0930 MEDIUM

Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_plc -
CVE-2012-0931 HIGH

Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_plc -
CVE-2012-1990 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric kerwin *
schneider-electric kerweb *
CVE-2013-0655 HIGH

The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric software_update_utility 1.0
schneider-electric software_update_utility 1.1
schneider-electric software_update_utility 1.0.13
CVE-2013-0657 HIGH

Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
schneider-electric interactive_graphical_scada_system 9.0
CVE-2013-0658 HIGH

Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric accutech_manager *
CVE-2013-0662 HIGH

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric modbus_serial_driver 2.2
schneider-electric twidosuite *
schneider-electric sft2841 *
schneider-electric somachine 3.0
schneider-electric unityloader *
schneider_electric somachine 3.0
schneider-electric opc_factory_server 3.35
schneider-electric opc_factory_server *
schneider-electric somove *
schneider-electric sft2841 13.1
schneider-electric unity_pro 6.0
schneider-electric concept *
schneider-electric modbus_serial_driver 3.2
schneider-electric pl7 *
schneider-electric modbus_serial_driver 1.10
schneider-electric somachine *
schneider-electric modbuscommdtm_sl *
schneider-electric somachine 2.0
schneider-electric unity_pro *
schneider-electric opc_factory_server 3.34
schneider-electric powersuite *
CVE-2013-0663 MEDIUM

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_plc 140nwm10000
schneider-electric modicon_quantum_plc 140noe77111
schneider-electric modicon_premium tsxety4103
schneider-electric modicon_premium tsxety5103
schneider-electric modicon_m340 bmxnoe011xx
schneider-electric modicon_quantum_plc 140noe77101
schneider-electric modicon_m340 bmxnoc0401
schneider-electric modicon_premium tsxwmy100
schneider-electric modicon_m340 bmxnoe0100x
CVE-2013-0664 HIGH

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_plc 140nwm10000
schneider-electric modicon_quantum_plc 140noe77111
schneider-electric modicon_premium tsxety5103
schneider-electric modicon_m340 bmxnoe0110x
CVE-2013-0687 MEDIUM

The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
schneider-electric micom_s1_studio -
CVE-2013-2761 MEDIUM

The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric modicon_m340 bmxnoe01xx
schneider-electric modicon_m340 bmxp3420xx
CVE-2013-2762 HIGH

The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,CWE-352,

Products Affected

Vendor Product Version
schneider-electric magelis_xbt_hmi -
CVE-2013-2763 MEDIUM

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmx_p34-2010_firmware -
schneider-electric modicon_m340_bmxp342030_firmware -
schneider-electric modicon_m340_bmx_noe_0110_firmware -
schneider-electric modicon_m340_bmxp342010_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric modicon_m340_bmx_noc_0401_firmware -
schneider-electric modicon_m340_bmx_noe_0110h_firmware -
schneider-electric modicon_m340_bmx_noe_0100_firmware -
schneider-electric modicon_m340_bmx_p34-2030_firmware -
schneider-electric modicon_m340_bmx_noe_0100h_firmware -
schneider-electric modicon_m340_bmx_nor_0200h_firmware -
CVE-2013-2782 HIGH

Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
schneider-electric tburjr900_firmware 3.6.3
schneider-electric tburjr900 01002dh0
schneider-electric tburjr900 06002eh0
schneider-electric tburjr900 00002dh0
schneider-electric tburjr900 06002dh0
schneider-electric tburjr900_firmware 3.6.0
schneider-electric tburjr900 01002eh0
schneider-electric tburjr900 05002eh0
schneider-electric tburjr900_firmware 3.6.1
schneider-electric tburjr900_firmware 3.6.2
schneider-electric tburjr900 05002dh0
schneider-electric tburjr900 00002eh0
CVE-2013-2796 MEDIUM

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
schneider-electric citectscada *
schneider-electric powerlogic_scada 7.10
schneider-electric powerlogic_scada *
schneider-electric vijeo_citect *
schneider-electric vijeo_citect 7.10
schneider-electric citectscada 7.10
CVE-2013-2824 HIGH

Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric struxureware_scada_expert_vijeo_citect 7.20
schneider-electric citectscada 7.20
schneider-electric citectscada 7.30
schneider-electric struxureware_powerscada_expert 7.30
schneider-electric struxureware_scada_expert_vijeo_citect 7.30
schneider-electric powerlogic_scada 7.20
schneider-electric struxureware_scada_expert_vijeo_citect 7.40
CVE-2013-3075 HIGH

Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
mitsubishi-automation mitsubishi_mx_component 3
schneider-electric citectfacilities 7.10
schneider-electric citectscada 7.10
CVE-2013-6143 MEDIUM

The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-399,

Products Affected

Vendor Product Version
schneider-electric telvent_sage_3030_firmware c3413-500-001d3_p4
schneider-electric telvent_sage_3030_firmware c3413-500-001f0_pb
CVE-2014-0754 HIGH

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric tsxp573634m_firmware -
schneider-electric modicon_m340_bmxp342030_firmware -
schneider-electric stbnic2212_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric modicon_m340_bmxnoc0401_firmware -
schneider-electric modicon_m340_bmxp342030h_firmware -
schneider-electric 171ccc96020_firmware -
schneider-electric tsxety5103c_firmware -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric tsxp574823m_firmware -
schneider-electric tsxety110ws_firmware -
schneider-electric tsxety110wsc_firmware -
schneider-electric tsxp574823am_firmware -
schneider-electric stbnip2212_firmware -
schneider-electric tsxetc0101_firmware -
schneider-electric tsxp574634m_firmware -
schneider-electric modicon_m580_bmxnoc0402_firmware -
schneider-electric modicon_m340_bmxnoe0110h_firmware -
schneider-electric tsxety5103_firmware -
schneider-electric tsxp574823mc_firmware -
schneider-electric 171ccc96020c_firmware -
schneider-electric modicon_m340_bmxnor0200h_firmware -
schneider-electric tsxetz510_firmware -
schneider-electric 171ccc96030_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric tsxp572634m_firmware -
schneider-electric 171ccc96030c_firmware -
schneider-electric tsxp571634m_firmware -
schneider-electric tsxntp100_firmware -
schneider-electric tsxp575634m_firmware -
schneider-electric tsxetz410_firmware -
schneider-electric 171ccc98020_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric tsxety4103c_firmware -
schneider-electric 171ccc98030_firmware -
schneider-electric tsxp576634m_firmware -
schneider-electric tsxwmy100_firmware -
schneider-electric modicon_m340_bmxnoe0100_firmware -
schneider-electric tsxp573623mc_firmware -
schneider-electric tsxwmy100c_firmware -
schneider-electric modicon_m340_bmxnoe0110_firmware -
schneider-electric tsxety4103_firmware -
schneider-electric tsxetc100_firmware -
CVE-2014-0759 MEDIUM

Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric floating_license_manager 1.4.0
schneider-electric floating_license_manager 1.0.0
CVE-2014-0774 MEDIUM

Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
schneider-electric ofs_test_client_tlxcdluofs33 3.35
schneider-electric ofs_test_client_tlxcdstofs33 3.35
schneider-electric ofs_test_client_tlxcdsuofs33 3.35
schneider-electric opc_factory_server 3.35
schneider-electric ofs_test_client_tlxcdltofs33 3.35
schneider-electric ofs_test_client_tlxcdlfofs33 3.35
CVE-2014-0789 MEDIUM

Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-119,

Products Affected

Vendor Product Version
schneider-electric opc_factory_server_tlxcdltofs *
schneider-electric opc_factory_server_tlxcdlfofs *
schneider-electric opc_factory_server_tlxcdsuofs *
schneider-electric opc_factory_server_tlxcdstofs *
schneider-electric opc_factory_server_tlxcdluofs *
CVE-2014-5407 MEDIUM

Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
schneider-electric vampset *
CVE-2014-5411 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
aveva clearscada 2013
aveva clearscada 2010
schneider-electric scada_expert_clearscada 2014
schneider-electric scada_expert_clearscada 2013
CVE-2014-5412 MEDIUM

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-264,

Products Affected

Vendor Product Version
aveva clearscada 2013
aveva clearscada 2010
schneider-electric scada_expert_clearscada 2014
schneider-electric scada_expert_clearscada 2013
CVE-2014-5413 MEDIUM

Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,CWE-310,

Products Affected

Vendor Product Version
aveva clearscada 2013
aveva clearscada 2010
schneider-electric scada_expert_clearscada 2014
schneider-electric scada_expert_clearscada 2013
CVE-2014-8390 MEDIUM

Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric vampset *
CVE-2014-8511 HIGH

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric proclima *
CVE-2014-9190 HIGH

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
schneider-electric wonderware_intouch_access_anywhere_server 10.6
schneider-electric wonderware_intouch_access_anywhere_server 11.0
CVE-2014-9197 HIGH

The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-284,

Products Affected

Vendor Product Version
schneider-electric tsxetg3010 -
schneider-electric tsxetg3021 -
schneider-electric etg3000_factorycast_hmi_gateway_firmware 1.60.2
schneider-electric tsxetg3022 -
schneider-electric tsxetg3000 -
CVE-2014-9198 HIGH

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-255,

Products Affected

Vendor Product Version
schneider-electric tsxetg3010 -
schneider-electric tsxetg3021 -
schneider-electric etg3000_factorycast_hmi_gateway_firmware *
schneider-electric tsxetg3022 -
schneider-electric tsxetg3000 -
CVE-2014-9200 HIGH

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
schneider-electric somove -
schneider-electric somachine -
schneider-electric unity_pro -
schneider-electric somove_lite -
CVE-2014-9206 MEDIUM

Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric device_type_manager *
CVE-2015-0982 HIGH

Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
schneider-electric pelco_ds-nv *
CVE-2015-0996 LOW

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric wonderware_intouch_2014 *
aveva aveva_edge *
CVE-2015-0997 MEDIUM

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric wonderware_intouch_2014 *
aveva aveva_edge *
CVE-2015-0998 LOW

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric wonderware_intouch_2014 *
aveva aveva_edge *
CVE-2015-0999 LOW

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric wonderware_intouch_2014 *
aveva aveva_edge *
CVE-2015-1014 MEDIUM

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
schneider-electric opc_factory_server 3.5
CVE-2015-3940 MEDIUM

Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric wonderware_system_platform_2014 r2
CVE-2015-3962 MEDIUM

Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
schneider-electric struxureware_building_expert_multi-purpose_management *
CVE-2015-3977 HIGH

Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HART reply.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric imt25_magnetic_flow_dtm *
CVE-2015-6461 MEDIUM

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-98,CWE-20,

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric modicon_m340_bmxp342030_firmware -
schneider-electric bmxnoe0110h_firmware -
schneider-electric bmxnoc0401_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric bmxnor0200h_firmware -
schneider-electric bmxnoe0110_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric bmxnoe0100_firmware -
schneider-electric modicon_m340_bmxp342030h_firmware -
CVE-2015-6462 LOW

Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric modicon_m340_bmxp342030_firmware -
schneider-electric bmxnoe0110h_firmware -
schneider-electric bmxnoc0401_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric bmxnor0200h_firmware -
schneider-electric bmxnoe0110_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric bmxnoe0100_firmware -
schneider-electric modicon_m340_bmxp342030h_firmware -
CVE-2015-6485 MEDIUM

Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric telvent_rtu_firmware *
CVE-2015-7918 MEDIUM

Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric proclima *
CVE-2015-7921 MEDIUM

The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
schneider-electric proface_gp-pro_ex_ex-ed *
schneider-electric proface_gp-pro_ex_pfxexgrpls *
schneider-electric proface_gp-pro_ex_pfxexedls *
schneider-electric proface_gp-pro_ex_pfxexedv *
CVE-2015-7937 HIGH

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmxp3420302 -
schneider-electric bmxnor0200h -
schneider-electric bmxnoe0100 -
schneider-electric modicon_m340_bmxp3420302h -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric bmxnoe0110h -
schneider-electric bmxpra0100 -
schneider-electric bmxnoc0401 -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric bmxnoe0110 -
schneider-electric bmxnor0200 -
schneider-electric bmxnoe0100h -
schneider-electric modicon_m340_bmxp342020h -
CVE-2015-8561 MEDIUM

The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric proclima *
CVE-2016-2278 HIGH

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
schneider-electric struxureware_building_operations_automation_server_as_firmware *
schneider-electric struxureware_building_operations_automation_server_as-p_firmware 1.7
CVE-2016-2290 MEDIUM

Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric proface_gp-pro_ex_ex-ed *
schneider-electric proface_gp-pro_ex_pfxexgrpls *
schneider-electric proface_gp-pro_ex_pfxexedls *
schneider-electric proface_gp-pro_ex_pfxexedv *
CVE-2016-2291 MEDIUM

Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric proface_gp-pro_ex_ex-ed *
schneider-electric proface_gp-pro_ex_pfxexgrpls *
schneider-electric proface_gp-pro_ex_pfxexedls *
schneider-electric proface_gp-pro_ex_pfxexedv *
CVE-2016-2292 MEDIUM

Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric proface_gp-pro_ex_ex-ed *
schneider-electric proface_gp-pro_ex_pfxexgrpls *
schneider-electric proface_gp-pro_ex_pfxexedls *
schneider-electric proface_gp-pro_ex_pfxexedv *
CVE-2016-4513 MEDIUM

Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm8ecc_firmware *
CVE-2016-4520 HIGH

Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric pelco_digital_sentry_video_management_system_firmware *
CVE-2016-4529 HIGH

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric somachine_hvac_firmware *
CVE-2016-5809 MEDIUM

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric ion8800 -
schneider-electric ion8650 -
schneider-electric ion7500 -
schneider-electric ion5000 -
schneider-electric ion7300 -
schneider-electric ion7600 -
CVE-2016-5815 HIGH

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
schneider-electric ion8800 -
schneider-electric ion8650 -
schneider-electric ion7500 -
schneider-electric ion5000 -
schneider-electric ion7300 -
schneider-electric ion7600 -
CVE-2016-5818 HIGH

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm8ecc_firmware 2.651
CVE-2016-8352 HIGH

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric connexium_firmware -
CVE-2016-8354 MEDIUM

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
schneider-electric unity_pro *
CVE-2016-8367 MEDIUM

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
schneider-electric magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware -
schneider-electric magelis_xbt_gt_advanced_touchscreen_panel_firmware -
schneider-electric magelis_gto_advanced_optimum_panel_firmware -
schneider-electric magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware -
schneider-electric magelis_gtu_universal_panel_firmware -
schneider-electric magelis_sto5_small_panel_firmware -
schneider-electric magelis_xbt_gh_advanced_hand-held_panel_firmware -
schneider-electric magelis_stu_small_panel_firmware -
CVE-2016-8374 HIGH

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
schneider-electric magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware -
schneider-electric magelis_xbt_gt_advanced_touchscreen_panel_firmware -
schneider-electric magelis_gto_advanced_optimum_panel_firmware -
schneider-electric magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware -
schneider-electric magelis_gtu_universal_panel_firmware -
schneider-electric magelis_sto5_small_panel_firmware -
schneider-electric magelis_xbt_gh_advanced_hand-held_panel_firmware -
schneider-electric magelis_stu_small_panel_firmware -
CVE-2017-13997 HIGH

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
schneider-electric wonderware_indusoft_web_studio *
schneider-electric wonderware_intouch *
CVE-2017-14024 HIGH

A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric wonderware_indusoft_web_studio *
schneider-electric wonderware_intouch *
CVE-2017-5155 HIGH

An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
schneider-electric wonderware_historian 2014_r2_sp1_p01
CVE-2017-5178 HIGH

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
schneider-electric tableau_server 7.0
schneider-electric wonderware_intelligence *
schneider-electric tableau_desktop 7.0
schneider-electric tableau_desktop 10.1.3
schneider-electric tableau_server 10.1.3
CVE-2017-6017 HIGH

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmxp3420302h_firmware 2.8
schneider-electric modicon_m340_bmxp3420102_firmware 2.8
schneider-electric modicon_m340_bmxp342020h_firmware 2.8
schneider-electric modicon_m340_bmxp342030_firmware 2.8
schneider-electric bmxnoe0110_firmware 2.8
schneider-electric bmxnoc0401_firmware 2.8
schneider-electric bmxnoe0110h_firmware 2.8
schneider-electric modicon_m340_bmxp341000_firmware 2.8
schneider-electric bmxnoe0100_firmware 2.8
schneider-electric modicon_m340_bmxp342030h_firmware 2.8
schneider-electric modicon_m340_bmxp3420102cl_firmware 2.8
schneider-electric modicon_m340_bmxp342000_firmware 2.8
schneider-electric modicon_m340_bmxp342020_firmware 2.8
schneider-electric modicon_m340_bmxp3420302_firmware 2.8
schneider-electric bmxnor0200h_firmware 2.8
CVE-2017-6019 HIGH

An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
schneider-electric conext_combox_865-1058_firmware *
CVE-2017-6021 MEDIUM

In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
schneider-electric clearscada 2014
schneider-electric clearscada 2015
aveva clearscada *
CVE-2017-6026 MEDIUM

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
schneider-electric modicon_m251_firmware *
schneider-electric modicon_m241_firmware *
CVE-2017-6028 MEDIUM

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
schneider-electric modicon_m251_firmware *
schneider-electric modicon_m241_firmware *
CVE-2017-6030 MEDIUM

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-343,CWE-331,

Products Affected

Vendor Product Version
schneider-electric modicon_m251_firmware *
schneider-electric modicon_m221_firmware *
schneider-electric modicon_m241_firmware *
CVE-2017-6032 MEDIUM

A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-657,CWE-358,

Products Affected

Vendor Product Version
schneider-electric modbus_firmware -
CVE-2017-6033 MEDIUM

A DLL Hijacking issue was discovered in Schneider Electric Interactive Graphical SCADA System (IGSS) Software, Version 12 and previous versions. The software will execute a malicious file if it is named the same as a legitimate file and placed in a location that is earlier in the search path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2017-6034 HIGH

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-294,CWE-287,

Products Affected

Vendor Product Version
schneider-electric modbus_firmware -
CVE-2017-7574 HIGH

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in the decrypted data. After reading the user password, the project can be opened and modified with the Schneider product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric modicon_tm221ce16r_firmware 1.3.3.3
schneider-electric somachine 1.4
CVE-2017-7575 MEDIUM

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric modicon_tm221ce16r_firmware 1.3.3.3
CVE-2017-7689 HIGH

A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
schneider-electric homelynk_controller_lss100100_firmware *
CVE-2017-7907 LOW

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.

CVSS 2.0

Severity: LOW

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
schneider-electric wonderware_historian_client *
CVE-2017-7965 MEDIUM

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric somachine_hvac 2.1.0
CVE-2017-7966 MEDIUM

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
schneider-electric somachine 2.1.0
CVE-2017-7967 LOW

All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric vampset *
CVE-2017-7968 HIGH

An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
schneider-electric wonderware_indusoft_web_studio *
CVE-2017-7969 MEDIUM

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric powerscada_anywhere 1.0
schneider-electric citect_anywhere 1.0
CVE-2017-7970 LOW

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric powerscada_anywhere 1.0
schneider-electric citect_anywhere 1.0
CVE-2017-7971 MEDIUM

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
schneider-electric powerscada_anywhere 1.0
schneider-electric citect_anywhere 1.0
CVE-2017-7972 MEDIUM

A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric powerscada_anywhere 1.0
schneider-electric citect_anywhere 1.0
CVE-2017-7973 HIGH

A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2017-7974 HIGH

A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2017-8371 MEDIUM

Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2017-9627 MEDIUM

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
schneider-electric wonderware_archestra_logger 2017.426.2307.1
CVE-2017-9629 HIGH

A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
schneider-electric wonderware_archestra_logger *
CVE-2017-9631 MEDIUM

A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
schneider-electric wonderware_archestra_logger *
CVE-2017-9635 LOW

Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

CVSS 2.0

Severity: LOW

Problem Type: CWE-326,CWE-326,

Products Affected

Vendor Product Version
schneider-electric ampla_manufacturing_execution_system *
CVE-2017-9637 LOW

Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

CVSS 2.0

Severity: LOW

Problem Type: CWE-319,CWE-522,

Products Affected

Vendor Product Version
schneider-electric ampla_manufacturing_execution_system *
CVE-2017-9956 HIGH

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2017-9957 HIGH

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2017-9958 HIGH

An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2017-9959 MEDIUM

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2017-9960 MEDIUM

An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2017-9961 MEDIUM

A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric pro-face_gp_pro_ex 4.07.000
CVE-2017-9963 MEDIUM

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric powerscada_anywhere 1.0
CVE-2017-9964 MEDIUM

A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric pelco_videoxpert *
CVE-2017-9965 MEDIUM

An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric pelco_videoxpert *
CVE-2017-9966 HIGH

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric pelco_videoxpert *
CVE-2017-9967 MEDIUM

A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2017-9968 MEDIUM

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
schneider-electric igss_mobile *
CVE-2017-9969 LOW

An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
schneider-electric igss_mobile *
CVE-2017-9970 HIGH

A remote code execution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
schneider-electric struxureon_gateway *
CVE-2018-1124 MEDIUM

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-190,CWE-190,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 7.0
opensuse leap 15.1
redhat enterprise_linux 7.5
debian debian_linux 8.0
opensuse leap 15.0
schneider-electric struxureware_data_center_expert *
canonical ubuntu_linux 17.10
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
procps-ng_project procps-ng *
canonical ubuntu_linux 18.04
debian debian_linux 9.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
CVE-2018-1126 HIGH

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
schneider-electric struxureware_data_center_expert *
canonical ubuntu_linux 17.10
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_server 7.5
canonical ubuntu_linux 14.04
procps-ng_project procps-ng *
canonical ubuntu_linux 18.04
debian debian_linux 9.0
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_aus 6.6
CVE-2018-2579 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2582 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
schneider-electric struxureware_data_center_expert *
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
oracle jre 1.8.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
redhat satellite 5.8
hp xp_command_view *
debian debian_linux 9.0
redhat enterprise_linux_desktop 6.0
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2588 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2599 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 2.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2602 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.0 3.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2603 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2618 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2629 LOW

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2633 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2634 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N 2.2 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2637 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2641 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N 1.6 4.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2657 MEDIUM

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp xp_p9000_command_view *
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
redhat satellite 5.8
hp xp_command_view *
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2663 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2677 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2678 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
oracle jrockit r28.3.16
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
oracle jre 9.0.1
redhat enterprise_linux_server 6.0
oracle jdk 9.0.1
hp xp_p9000_command_view *
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_server_aus 7.4
debian debian_linux 7.0
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
hp xp_command_view *
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2790 LOW

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jre 10
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2794 LOW

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jrockit r28.3.17
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jre 10
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2795 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jrockit r28.3.17
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jre 10
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2796 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
redhat satellite 5.7
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jrockit r28.3.17
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jre 10
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2797 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jrockit r28.3.17
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jre 10
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2798 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jrockit r28.3.17
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jre 10
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2799 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
apache xerces-j *
schneider-electric struxureware_data_center_expert *
redhat satellite 5.7
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jrockit r28.3.17
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jre 10
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2800 MEDIUM

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
redhat satellite 5.7
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
oracle jrockit r28.3.17
debian debian_linux 9.0
redhat satellite 5.6
redhat enterprise_linux_desktop 6.0
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
redhat satellite 5.8
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2811 LOW

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.0 6.0

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 7.0
oracle jdk 1.8.0
oracle jre 10
schneider-electric struxureware_data_center_expert *
oracle jdk 10
redhat enterprise_linux_server 7.0
oracle jre 1.8.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2814 MEDIUM

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
hp xp7_command_view *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
redhat enterprise_linux_desktop 6.0
oracle jre 10
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-2815 MEDIUM

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
oracle jre 1.6.0
oracle jdk 10
oracle jdk 1.7.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 16.04
oracle jrockit r28.3.17
debian debian_linux 9.0
redhat enterprise_linux_desktop 6.0
oracle jre 10
oracle jdk 1.6.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
canonical ubuntu_linux 17.10
redhat enterprise_linux_desktop 7.0
oracle jre 1.8.0
hp xp7_command_view -
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_tus 7.6
oracle jdk 1.8.0
redhat enterprise_linux_server_eus 7.6
oracle jre 1.7.0
redhat enterprise_linux_workstation 6.0
CVE-2018-3639 LOW

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,

Products Affected

Vendor Product Version
intel xeon_gold 86142f
intel xeon_gold 86126
intel core_m 32nm
intel xeon_e5_2603_v2 -
intel xeon_platinum 8180
intel xeon_e5 2660_v2
intel xeon_silver 4114
intel xeon_e3_1125c_v2 -
intel xeon_e5 2660_v3
microsoft surface_book 2
intel xeon_e3_1245_v3 -
canonical ubuntu_linux 12.04
intel xeon_e5_2643 -
intel xeon_e3_1258l_v4 -
intel xeon_e7 8870
intel xeon_e7 4850_v4
redhat enterprise_linux_server 6.0
intel xeon_e5_2650l_v2 -
intel atom_x5-e3940 -
intel xeon_e5_2450_v2 -
microsoft windows_10 1809
intel atom_z z3590
mitel micloud_management_portal *
intel xeon_e7 4830
siemens itc2200_firmware *
mitel open_integration_gateway -
canonical ubuntu_linux 17.10
intel xeon_e7 4809_v2
intel xeon_e3_1268l_v5 -
intel xeon_e3_1245 -
intel xeon_e7 4860
microsoft windows_server_2012 r2
intel atom_z z3735d
intel xeon_e5 2698_v4
intel xeon_silver 4109t
intel xeon_e3_1241_v3 -
redhat enterprise_linux_server_tus 7.4
intel xeon_e5_2430 -
intel xeon_e5_2609_v4 -
intel xeon_e3 x3470
intel xeon_e7 8880_v2
siemens simatic_ipc477e_pro_firmware *
intel xeon_e5_2623_v4 -
intel celeron_n n3450
intel atom_z z3735g
intel atom_z z2520
intel xeon_e5 2667_v4
intel xeon_e3_1225 -
intel xeon_e3_1280 -
intel xeon_e3_1225_v6 -
intel xeon_e3 e6540
intel xeon_e3_12201 -
intel xeon_e7 2850
microsoft surface_pro 4
intel xeon_e3_1270 -
oracle local_service_management_system *
siemens simatic_ipc647d_firmware *
mitel mivoice_5000 -
intel xeon_e5_2640_v2 -
intel xeon_e3 l3426
intel atom_z z2420
intel xeon_e7 8890_v2
siemens simatic_ipc847c_firmware *
intel xeon_e7 8893_v2
intel xeon_e5_2438l_v3 -
intel pentium n4200
siemens simatic_field_pg_m4_firmware *
siemens simatic_ipc547e_firmware *
intel xeon_e3 x3440
canonical ubuntu_linux 18.04
intel xeon_e3_1230_v6 -
intel xeon_e5_1620_v2 -
intel xeon_e5_2650_v2 -
intel xeon_gold 86130t
siemens simatic_ipc847d_firmware *
intel xeon_e3 e5506
intel xeon_e5 4655_v4
intel xeon_gold 86132
intel xeon_e7 2830
intel xeon_e5_2648l_v2 -
intel xeon_platinum 8164
intel xeon_e5_2643_v2 -
intel xeon_e5_2428l_v3 -
intel xeon_e5_2608l_v3 -
intel xeon_e5 2699_v4
microsoft surface_pro 3
intel atom_c c3708
intel xeon_e5_2470 -
intel xeon_e5 2699_v3
intel atom_e e3826
mitel mivoice_border_gateway -
siemens simatic_ipc827c_firmware *
microsoft windows_10 1607
intel atom_z z3735e
intel xeon_e7 8890_v4
siemens itc1500_firmware *
intel xeon_gold 86130f
intel xeon_e5_2620 -
intel xeon_e5_2470_v2 -
intel xeon_e3 1275_
intel xeon_e5_1630_v3 -
redhat enterprise_linux_server_aus 7.4
intel xeon_e5_2618l_v3 -
intel xeon_e7 8890_v3
intel xeon_gold 85122
intel pentium_silver j5005
intel atom_z z3460
intel xeon_e3_1505l_v6 -
intel xeon_e5_2650_v4 -
microsoft windows_server_2016 1803
intel xeon_e5 2695_v3
intel xeon_e3_1230l_v3 -
intel xeon_e5_1428l -
intel xeon_e3 l5506
intel xeon_e3 l3403
intel xeon_e3 1535m_v6
intel xeon_e5_1428l_v3 -
intel xeon_e5_2650 -
intel xeon_gold 86146
intel xeon_e5 2699a_v4
intel atom_e e3815
intel xeon_e3_1280_v2 -
intel xeon_e5_1650_v4 -
intel core_i7 45nm
intel xeon_e3_1220_v6 -
redhat enterprise_linux_server_aus 6.5
intel xeon_e5 4628l_v4
intel xeon_e3_1270_v5 -
intel xeon_e5 2650l_v4
intel xeon_e3_1240l_v3 -
intel xeon_e3_1285l_v4 -
intel xeon_e5_2603_v4 -
siemens simatic_ipc827d_firmware *
intel atom_z z3785
redhat enterprise_linux_server_tus 6.6
microsoft windows_8.1 -
redhat enterprise_linux_server_aus 7.3
intel xeon_e7 8867l
intel xeon_gold 86138f
intel atom_z z3775
intel xeon_e5_1660_v3 -
intel xeon_e5_2407 -
intel xeon_e5 4607
intel xeon_e3_1290_v2 -
microsoft windows_server_2008 sp2
intel xeon_e5 2660
intel xeon_e5_2630_v3 -
intel atom_e e3845
intel xeon_e5 2660_v4
intel xeon_gold 86128
intel xeon_e5 2690_v2
intel xeon_e5 4627_v4
intel core_i7 32nm
intel xeon_e7 8857_v2
intel xeon_e5 2698_v3
intel xeon_e5 4620_v2
intel xeon_e3_1226_v3 -
intel xeon_e5_2630_v2 -
intel xeon_e5_2450l_v2 -
intel xeon_e7 4807
siemens sinumerik_pcu_50.5_firmware *
redhat enterprise_linux_desktop 6.0
intel xeon_gold 86142
intel xeon_e3_1505m_v5 -
intel xeon_e3 l3406
intel xeon_e3_1285_v6 -
intel xeon_e5_2640 -
intel xeon_gold 86140
intel xeon_gold 86154
sonicwall secure_mobile_access -
intel xeon_e7 4830_v4
intel xeon_platinum 8160m
intel xeon_e5 2697a_v4
intel atom_z z2560
intel xeon_e3_1225_v5 -
intel xeon_e7 8860_v3
intel xeon_e3_1220l_v3 -
intel xeon_e5 4650l
microsoft surface_pro_with_lte_advanced 1807
siemens simatic_itp1000_firmware *
intel xeon_e3_1245_v2 -
intel xeon_e5 4627_v2
intel xeon_e5 4640
intel xeon_e7 4850_v3
intel xeon_e5_1660 -
intel xeon_e7 2820
mitel mivoice_connect -
intel xeon_e3 1515m_v5
intel atom_e e3825
intel xeon_e5 4648_v3
intel xeon_platinum 8160t
microsoft windows_10 -
microsoft windows_server_2012 -
intel atom_c c3830
intel xeon_e5_2628l_v3 -
intel xeon_silver 4112
arm cortex-a 72
intel xeon_e5 4610
intel xeon_e5_2650l -
intel xeon_e3_1278l_v4 -
intel xeon_e5 4650_v4
intel xeon_e7 4870_v2
intel xeon_e5 2658
intel xeon_e5 4650_v2
redhat enterprise_linux_server_aus 5.9
intel xeon_platinum 8153
intel xeon_e5 4610_v2
intel xeon_e7 4820_v2
intel xeon_e5 2658a_v3
intel xeon_e5 2680_v2
intel xeon_e3_1225_v2 -
intel xeon_e3_1275_v3 -
intel xeon_e3 1575m_v5
intel atom_z z3735f
intel xeon_gold 86144
intel xeon_e5 2667_v2
intel xeon_e7 8860
intel xeon_e5_2609_v2 -
intel xeon_e3_1220_v2 -
intel xeon_e7 8870_v3
intel xeon_e3_1220_v3 -
intel xeon_e5_2408l_v3 -
canonical ubuntu_linux 14.04
siemens simatic_et_200_sp_firmware *
intel atom_c c3850
intel xeon_e5_2630l -
redhat openstack 12
intel xeon_e5 2697_v2
intel xeon_e5_2428l_v2 -
intel xeon_e5_2640_v3 -
siemens simatic_ipc427e_firmware *
intel xeon_e5_2637_v4 -
microsoft surface_book -
intel atom_e e3805
siemens simatic_ipc627d_firmware *
intel xeon_e3_1220_v5 -
intel xeon_e3_1235 -
intel xeon_e5_2640_v4 -
mitel micollab -
intel xeon_e5 4640_v3
intel xeon_e3 e5507
intel atom_c c3955
intel xeon_e5_1650_v3 -
intel xeon_e7 4809_v3
intel atom_z z3745
redhat openstack 7.0
intel pentium_silver n5000
intel xeon_e3_1280_v6 -
canonical ubuntu_linux 16.04
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_tus 7.2
intel xeon_e3_1240_v5 -
intel xeon_platinum 8176
intel xeon_e5_1620_v4 -
intel xeon_e3_1281_v3 -
intel xeon_e5_2630 -
intel xeon_e5_2630l_v3 -
intel atom_c c3808
intel xeon_e3_1268l_v3 -
intel xeon_e7 8837
intel xeon_e3 1585_v5
intel xeon_e3_1501m_v6 -
intel xeon_e5_2418l -
intel xeon_platinum 8156
redhat enterprise_linux_eus 7.3
intel xeon_e3 1558l_v5
intel xeon_e3_1240_v2 -
intel xeon_e3_1265l_v3 -
redhat virtualization 4.0
intel xeon_e5_2430l_v2 -
intel xeon_e7 4830_v3
intel xeon_gold 86150
intel xeon_e5 2670
intel xeon_e3 1220_
intel xeon_e3_1280_v5 -
intel xeon_e5_2618l_v4 -
intel xeon_e5_2643_v4 -
intel xeon_e3 l5520
intel xeon_e3 x5550
siemens simatic_ipc547g_firmware *
intel xeon_e3 125c_
siemens simatic_ipc427d_firmware *
intel xeon_e5_1630_v4 -
intel xeon_e5_2620_v3 -
intel xeon_gold 86138
intel xeon_e5_1620_v3 -
intel atom_c c3950
intel xeon_e7 4830_v2
intel xeon_e3_1501l_v6 -
redhat enterprise_linux_server_aus 7.2
intel xeon_e5 4607_v2
intel xeon_gold 85118
sonicwall web_application_firewall -
intel xeon_e5_2628l_v4 -
intel xeon_e3_1240l_v5 -
redhat enterprise_linux_workstation 7.0
intel atom_c c3858
siemens itc1900_pro_firmware *
debian debian_linux 8.0
intel xeon_gold 86142m
siemens simatic_ipc477c_firmware -
siemens simatic_ipc677c_firmware *
intel xeon_gold 86130
intel xeon_e5 2670_v3
intel xeon_e3 3600
intel xeon_e5 2667_v3
intel xeon_e5 4655_v3
intel atom_e e3827
intel xeon_e5 2699r_v4
intel xeon_e5_2420 -
intel xeon_e5 2667
intel xeon_e5_1650 -
intel xeon_e5_2420_v2 -
intel xeon_platinum 8170
redhat enterprise_linux_server_aus 6.4
intel xeon_e3_1286_v3 -
intel atom_c c3758
redhat enterprise_linux_server_aus 7.7
intel xeon_e5 2683_v3
intel xeon_e3_1245_v5 -
intel xeon_e7 2890_v2
intel xeon_e5_1620 -
intel xeon_gold 86140m
intel xeon_gold 85119t
nvidia jetson_tx2 *
intel atom_z z3570
intel xeon_platinum 8168
intel xeon_e3_1245_v6 -
intel xeon_e5 4657l_v2
intel xeon_e7 4809_v4
intel xeon_e3 1578l_v5
intel xeon_e3 x3430
intel xeon_e3_1225_v3 -
intel xeon_e5_2609_v3 -
intel xeon_e3_1286l_v3 -
mitel mivoic_mx-one -
siemens itc2200_pro_firmware *
siemens simatic_ipc477e_firmware *
intel atom_z z2580
siemens simatic_ipc3000_smart_firmware *
intel xeon_e5 4603_v2
intel xeon_platinum 8160
intel xeon_silver 4116t
intel xeon_e3_1280_v3 -
intel xeon_e7 2870_v2
intel xeon_e3 x3460
intel xeon_e5 2658_v2
intel xeon_e5 4620_v3
redhat enterprise_linux_eus 7.6
intel xeon_e3 1505m_v6
intel xeon_e5 4624l_v2
mitel mivoice_business -
intel celeron_j j3455
intel xeon_e5_2428l -
redhat openstack 10
siemens simatic_ipc647c_firmware *
arm cortex-a 15
intel xeon_e3_1275l_v3 -
intel xeon_e5 2690_v3
intel xeon_e5_2418l_v3 -
intel xeon_gold 86126t
intel xeon_e3_1270_v6 -
intel xeon_e3_1271_v3 -
intel xeon_e5_1660_v2 -
intel xeon_e7 8891_v4
intel xeon_platinum 8158
intel xeon_e7 4820_v3
intel pentium n4100
intel xeon_e5 2687w
redhat enterprise_linux_server_tus 7.3
intel xeon_e7 2803
intel atom_c c3958
intel xeon_e7 4820
intel xeon_e3_12201_v2 -
intel xeon_e7 8894_v4
intel xeon_e5 2680_v3
intel xeon_e3 1545m_v5
intel xeon_e5 4660_v4
intel atom_x7-e3950 -
intel xeon_e7 4860_v2
intel xeon_e7 8891_v3
intel atom_z z2480
intel xeon_e3_1240_v6 -
intel xeon_e3 e5540
intel xeon_e5 2687w_v3
intel atom_z z3775d
intel xeon_e5_2450 -
intel xeon_e5_2608l_v4 -
intel xeon_e5 2680_v4
intel xeon_e5 2690_v4
intel xeon_e7 8891_v2
intel xeon_platinum 8170m
intel celeron_j j4005
intel xeon_e3 1565l_v5
redhat mrg_realtime 2.0
intel atom_z z3560
intel xeon_e7 8860_v4
microsoft windows_server_2016 -
intel xeon_e5 4610_v3
intel xeon_e5_2609 -
intel xeon_gold 85120
intel xeon_gold 86138t
debian debian_linux 9.0
intel xeon_e7 8850
intel xeon_e5_2648l -
siemens sinema_remote_connect_firmware -
intel xeon_e7 8880l_v2
intel xeon_e5 2690
intel xeon_e5 2695_v2
intel xeon_e5_2650_v3 -
intel xeon_e3_1235l_v5 -
intel xeon_silver 4110
siemens sinumerik_840_d_sl_firmware -
intel xeon_e5 4660_v3
intel xeon_e3 x3480
intel xeon_e7 8830
intel xeon_e3_1275_v2 -
intel xeon_e5_2630l_v4 -
intel xeon_gold 5115
redhat virtualization_manager 4.3
intel atom_x5-e3930 -
intel xeon_e5_1680_v4 -
siemens sinumerik_tcu_30.3_firmware -
intel atom_z z3770d
intel xeon_e5_2448l_v2 -
intel atom_z z3736g
intel xeon_e7 4850_v2
intel xeon_e5_2648l_v4 -
intel xeon_e5 4627_v3
intel xeon_e5 2658_v3
intel xeon_gold 85115
intel xeon_gold 86126f
intel celeron_j j4105
sonicwall cloud_global_management_system -
microsoft windows_10 1803
intel xeon_e5 2680
intel xeon_e5 2697_v4
intel xeon_e3_1230_v3 -
redhat enterprise_linux_server_aus 6.6
intel xeon_e3_1265l_v2 -
intel xeon_e5_2403_v2 -
intel xeon_e3 7500
redhat enterprise_linux_eus 7.7
intel atom_z z2460
arm cortex-a 57
microsoft surface -
intel xeon_e3 l5508_
intel xeon_e5_2650l_v3 -
intel xeon_e3_1246_v3 -
intel atom_z z3740d
intel xeon_e3_1276_v3 -
intel xeon_e3 w5590
intel xeon_e3_1105c_v2 -
intel atom_z z3795
intel xeon_platinum 8160f
intel atom_z z3740
intel xeon_silver 4116
intel xeon_e3_1265l_v4 -
intel xeon_e5_2637_v3 -
intel xeon_gold 86134
nvidia jetson_tx1 *
intel xeon_e5_2448l -
intel xeon_e3 e5503
intel xeon_e5_2440_v2 -
intel xeon_e3_1270_v2 -
intel xeon_e5 4603
microsoft windows_server_2008 r2
siemens simatic_ipc677d_firmware *
intel xeon_e7 2860
intel atom_z z3745d
intel core_i5 45nm
siemens simatic_ipc477d_firmware *
intel xeon_e5 4620_v4
intel xeon_e5_2403 -
intel xeon_e3_1240 -
intel xeon_e5 4640_v2
intel xeon_e5 2670_v2
intel xeon_e7 8870_v2
intel xeon_e5 4620
intel xeon_e5_1650_v2 -
intel xeon_gold 86152
intel atom_z z3480
intel xeon_silver 4114t
intel atom_z z3736f
intel core_m 45nm
intel xeon_e3 x3450
intel xeon_e3 e5504
microsoft surface_studio -
siemens itc1500_pro_firmware *
redhat enterprise_linux_server_tus 7.7
intel xeon_e-1105c -
intel xeon_gold 85120t
intel core_i3 45nm
intel core_i5 32nm
intel xeon_e3 e5530
intel xeon_e7 8893_v4
intel xeon_e5_2623_v3 -
sonicwall sonicosv -
microsoft windows_10 1703
intel xeon_e3_1260l_v5 -
intel xeon_e5_2430l -
intel xeon_e5 4650
intel atom_c c3508
intel xeon_e3 e5502
redhat openstack 13
intel xeon_e5_2450l -
intel xeon_e7 8880_v4
intel xeon_e5 4650_v3
microsoft surface_pro 1796
redhat enterprise_linux_server 7.0
intel xeon_e3 x5560
intel xeon_e5 4610_v4
redhat virtualization_manager 4.2
intel xeon_e5_2630_v4 -
siemens itc1900_firmware *
intel xeon_e3 1585l_v5
intel xeon_e5_1680_v3 -
intel xeon_e5_2407_v2 -
intel atom_z z2760
intel xeon_e5 4669_v3
intel xeon_e3_1240_v3 -
intel xeon_e3_1260l -
intel atom_c c3308
intel xeon_e5 2683_v4
intel xeon_e5 2687w_v2
siemens simatic_ipc427c_firmware -
intel xeon_e3 l5518_
intel xeon_e5 2665
intel xeon_e3_1275_v6 -
redhat enterprise_linux_eus 7.4
intel xeon_e3_1230 -
redhat enterprise_linux_desktop 7.0
intel xeon_e5_2630l_v2 -
intel pentium n4000
intel xeon_e7 8867_v3
intel xeon_e3 l5530
intel xeon_e3_1230_v5 -
intel xeon_gold 86148
intel xeon_e7 4850
redhat enterprise_linux_workstation 6.0
intel xeon_e5_2603_v3 -
intel xeon_e3_1230_v2 -
intel xeon_e3_1285_v4 -
schneider-electric struxureware_data_center_expert *
intel atom_z z3580
intel core_i3 32nm
siemens simatic_ipc627c_firmware *
intel xeon_e5 2658_v4
intel atom_z z3530
intel xeon_e5 4669_v4
intel xeon_gold 86136
intel xeon_e3 w5580
siemens simatic_field_pg_m5_firmware *
redhat openstack 8
redhat enterprise_linux_eus 6.7
intel xeon_e3_1290 -
intel xeon_e7 8880l_v3
intel xeon_e3 x5570
intel xeon_e3_1285l_v3 -
intel xeon_e5_2628l_v2 -
intel xeon_e7 2880_v2
intel xeon_e7 4870
intel xeon_e3_1275_v5 -
siemens simatic_s7-1500_firmware *
intel xeon_e5_2618l_v2 -
siemens simotion_p320-4e_firmware *
intel atom_c c3538
intel xeon_e7 8893_v3
redhat enterprise_linux_server_tus 7.6
siemens simatic_ipc347e_firmware *
intel xeon_e7 8870_v4
intel xeon_e3_1270_v3 -
intel xeon_e5 4667_v3
intel xeon_e5_2637_v2 -
intel atom_c c3750
intel xeon_e7 8867_v4
intel xeon_e3 5600
intel atom_z z3770
intel xeon_e5_1660_v4 -
redhat openstack 9
intel xeon_platinum 8176f
intel xeon_e5_2620_v2 -
intel xeon_e5_2637 -
intel xeon_e3_1231_v3 -
intel xeon_e3_1285_v3 -
intel xeon_e5_2648l_v3 -
sonicwall email_security -
intel xeon_e7 8850_v2
intel xeon_platinum 8176m
intel xeon_gold 86148f
intel xeon_e5 2697_v3
sonicwall global_management_system -
microsoft windows_7 -
intel xeon_e3_1505l_v5 -
intel xeon_e5 4667_v4
intel xeon_silver 4108
intel atom_c c3558
intel xeon_e7 2870
microsoft windows_server_2016 1709
intel pentium_j j4205
intel xeon_e5_2603 -
intel xeon_e7 2850_v2
intel xeon_e7 4820_v4
intel xeon_e5_2430_v2 -
intel xeon_e7 4880_v2
oracle solaris 11
intel atom_c c2308
intel atom_c c3338
intel xeon_e5 2687w_v4
intel xeon_e5_2440 -
intel xeon_e5_1428l_v2 -
intel xeon_e5_2418l_v2 -
intel xeon_e5_2620_v4 -
intel xeon_gold 86134m
intel xeon_e3 e6550
intel xeon_e3 1535m_v5
intel xeon_e3 e6510
intel xeon_e7 8880_v3
siemens ruggedcom_ape_firmware -
intel xeon_e3 e5520
intel xeon_e5 4640_v4
intel xeon_e5_2643_v3 -
intel xeon_e7 4890_v2
intel xeon_e5 2695_v4
microsoft windows_10 1709
intel xeon_e5 4617
CVE-2018-3693 MEDIUM

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.6 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
intel xeon x3470
intel atom_c c2738
intel core_i3 4340
intel xeon_e5_2603_v2 -
intel xeon_platinum 8180
intel xeon_e3_1125c_v2 -
intel xeon_e5 2660_v3
intel core_i7 2960xm
intel xeon x7542
intel core_i7 4722hq
intel core_i7 4765t
intel xeon l5530
intel core_i7 860
intel xeon_e5_2650l_v2 -
intel core_i7 2820qm
intel core_i7 740qm
intel core_i3 330um
intel core_i3 3250
intel core_i3 2115c
intel core_i7 4600u
intel core_i7 4558u
intel xeon_e7 4809_v2
intel xeon_e3_1268l_v5 -
intel xeon x3460
intel atom_z z3735d
intel xeon ec5549
intel xeon_phi 7295
intel core_i7 880
intel core_i7 980
intel xeon_e5_2430 -
intel core_i7 4700ec
intel core_i7 620m
intel xeon_e7 8880_v2
intel celeron_n n3450
intel core_i5 6600
intel core_i7 720qm
intel atom_z z3735g
intel xeon_e5 2667_v4
intel core_i3 5020u
intel core_i7 2760qm
intel core_i7 4650u
intel core_i5 3380m
intel xeon_e3_1280 -
intel core_i5 4440s
intel xeon e5504
intel core_i7 3610qm
intel xeon_e7 2850
intel xeon l7545
intel xeon_gold 6132
intel core_i3 4112e
intel core_i3 3120me
intel xeon_gold 6138t
intel core_i7 620ue
intel core_i7 2600
intel core_i3 4130t
intel xeon_e5_2438l_v3 -
intel core_i5 3339y
intel xeon l5630
intel core_i7 4860hq
intel core_i3 3217u
intel core_i5 2500
intel xeon_bronze_3104 -
intel xeon_e3_1230_v6 -
intel xeon_e5_2650_v2 -
intel xeon e6510
intel xeon_e5 4655_v4
arm cortex-a 12
intel celeron_n n2805
intel xeon_e3_1275 -
intel core_i3 390m
intel xeon x5660
intel xeon_e5_2648l_v2 -
intel core_i7 660lm
intel core_i5 520um
intel xeon_e5 2699_v4
intel core_i5 3450
intel core_i3 4330
intel core_i5 560m
intel xeon_e5 2699_v3
intel atom_e e3826
intel atom_c c2358
intel atom_z z3735e
intel xeon_e5_1630_v3 -
intel xeon_e5_2618l_v3 -
intel xeon_e7 8890_v3
intel core_i3 4360t
intel xeon_e3_1220 -
oracle communications_eagle_application_processor 16.1.0
intel xeon x5680
intel core_i7 4770
intel xeon_e3_1505l_v6 -
intel core_i5 430um
intel xeon_phi 7210
intel core_i7 2720qm
intel core_i7 4760hq
intel xeon x5690
intel xeon_e5_2650_v4 -
intel xeon_e5 2695_v3
intel xeon e5540
intel xeon_e3_1125c -
intel core_i7 3537u
intel core_i5 2520m
oracle communications_lsms *
intel core_i5 480m
intel xeon_e3_1230l_v3 -
intel core_i3 3120m
intel core_i5 4570r
intel core_i5 8400
intel xeon_e5_1428l -
intel xeon_e3 1535m_v6
intel xeon_e5_1428l_v3 -
intel xeon_e5_2650 -
intel core_i3 2102
arm cortex-a 9
intel core_i5 760
intel xeon_e5_1650_v4 -
intel xeon_e3_1240l_v3 -
intel xeon_e3_1285l_v4 -
intel xeon_e5_2603_v4 -
intel core_i3 4100u
intel core_i3 3217ue
intel core_i7 3667u
intel core_i7 7660u
intel atom_z z3775
intel xeon_e5_1660_v3 -
intel xeon_e5_2407 -
intel core_i3 550
intel xeon_e3_1290_v2 -
intel core_i7 8650u
intel xeon_e5_2630_v3 -
intel atom_e e3845
intel core_i3 4330te
intel xeon_e5 2660_v4
intel xeon_e5 2690_v2
intel xeon_gold 5119t
intel xeon_e5 4627_v4
intel core_i5 2405s
intel core_i7 4600m
intel core_i5 2450p
intel xeon_e5_2630_v2 -
intel xeon_e7 4807
intel xeon_gold 6138f
redhat enterprise_linux_desktop 6.0
intel xeon x5550
intel core_i3 4170t
intel xeon_e3_1505m_v5 -
intel pentium_j j3710
intel xeon_e3_1285_v6 -
intel xeon_e7 4830_v4
intel core_i7 2640m
intel core_i3 3110m
intel xeon_gold 5120
intel core_i5 8600k
intel atom_z z2560
intel core_i5 6267u
intel xeon_e3_1220l_v3 -
intel core_i3 4110e
intel xeon_e3_1245_v2 -
arm cortex-a 8
intel xeon_e5 4627_v2
intel core_i7 5850hq
intel xeon_gold 6138
intel xeon_e7 4850_v3
intel celeron_n n2820
intel celeron_n n2930
intel xeon_e7 2820
intel core_i7 2677m
intel core_i5 6500te
intel core_i3 4030u
intel atom_c c3830
intel core_i3 380um
intel pentium_n n3530
intel atom_x3 c3405
intel core_i3 4360
intel xeon_e5 4610
intel xeon_e7 4870_v2
intel xeon_platinum 8153
intel xeon_e5 4610_v2
intel xeon_e5 2658a_v3
intel core_i5 4302y
intel xeon_e3_1275_v3 -
intel xeon l5508
intel xeon_e5 2667_v2
intel core_m 5y51
intel celeron_n n3350
intel xeon_e5_2609_v2 -
intel core_i7 4700hq
intel core_i7 4578u
intel core_i7 4500u
intel atom_c c3850
intel xeon_e5_2630l -
intel core_i3 6006u
intel xeon_e5_2428l_v2 -
intel xeon_e5_2640_v3 -
schneider-electric struxureware_data_center_expert 7.6.0
intel core_i7 3555le
intel xeon x5687
intel xeon_e3_1220_v5 -
intel core_i5 4440
intel xeon_e5_2640_v4 -
intel xeon_e5 4640_v3
intel atom_c c3955
intel core_i5 2515e
intel celeron_n n4100
intel xeon e5649
intel core_i7 3630qm
intel core_i5 5200u
intel xeon_e3_1280_v6 -
intel celeron_j j1800
intel xeon_e5_1620_v4 -
intel xeon_e3_1281_v3 -
intel xeon_e5_2630 -
intel xeon_e5_2630l_v3 -
intel core_i5 4210u
intel xeon_e3_1268l_v3 -
intel core_i5 6360u
intel core_i3 3250t
intel xeon_e7 8837
intel xeon_e3 1585_v5
intel core_i7 7y75
intel core_i7 930
intel xeon_platinum 8156
intel core_i3 6102e
intel core_i7 870
intel core_i3 2375m
intel xeon_e3_1240_v2 -
intel xeon_e5_2430l_v2 -
intel core_i3 6300t
intel core_i5 3610me
intel xeon_e7 4830_v3
intel xeon_e5 2670
intel xeon_gold 6128
intel core_i7 5700hq
intel xeon_e3_1280_v5 -
intel xeon w5580
intel xeon_e5_2618l_v4 -
intel core_i5 4590t
intel xeon e5640
intel atom_c c2758
intel core_i5 5350u
intel core_i7 620lm
intel xeon x7560
intel xeon_e5_2620_v3 -
intel core_m 5y71
intel xeon_e7 4830_v2
intel core_i3 3220
intel core_i3 4010u
intel xeon_e3_1501l_v6 -
intel core_i5 2435m
intel xeon_e5 4607_v2
intel core_i5 5675c
intel core_i3 4158u
intel core_i5 4260u
intel core_i5 2320
intel xeon l5506
intel core_i7 4800mq
intel core_i7 5775r
intel core_i3 3229y
redhat enterprise_linux_workstation 7.0
intel core_i7 4702hq
intel core_i5 4570t
intel core_i7 4712mq
intel core_i3 330e
intel core_i5 750s
intel xeon_e5 2670_v3
intel core_i7 3820qm
intel core_i5 4430s
intel atom_e e3827
intel xeon ec5539
intel xeon_e5_2420 -
intel xeon_e5 2667
intel xeon_e5_1650 -
intel xeon_e5_2420_v2 -
intel core_i3 4110m
intel core_i3 4130
intel xeon_platinum 8170
intel core_i5 4460
intel xeon_e5 2683_v3
intel core_i5 3570
intel xeon_e7 2890_v2
intel xeon_phi 7230f
intel core_i5 5300u
intel core_i7 2700k
intel atom_z z3570
intel xeon_platinum 8168
intel celeron_n n2830
intel xeon_gold 6140
intel core_i5 4460t
intel xeon_e5 4657l_v2
intel core_i5 6287u
intel core_i5 8250u
intel xeon_e7 4809_v4
intel xeon_e5_2609_v3 -
intel core_m 5y70
intel xeon_e3_1286l_v3 -
intel xeon_gold 6134
intel atom_c c2530
intel core_i7 3770t
intel atom_z z2580
intel core_i5 6440hq
intel core_i5 3317u
intel core_i5 3330
intel atom_x3 c3445
intel xeon e5507
intel xeon_e5 4603_v2
intel xeon_platinum 8160
intel xeon w3670
intel xeon_e7 2870_v2
intel core_i3 540
intel xeon_e5 2658_v2
intel core_i7 4870hq
intel celeron_n n3150
intel core_i3 4000m
intel xeon x5560
intel xeon_e5 4620_v3
intel core_i5 655k
intel atom_x3 c3205rk
intel core_i7 4950hq
intel celeron_j j3455
intel xeon_e5_2428l -
intel core_i5 2450m
intel atom_c c2518
intel atom_c c2730
intel xeon_e5_2418l_v3 -
intel xeon_gold 6154
intel xeon_e3_1270_v6 -
redhat enterprise_linux_server_eus 7.5
intel core_i5 3570s
intel xeon_gold 6130t
intel xeon_e7 4820_v3
intel core_i7 7700k
intel xeon_e7 2803
intel core_i5 2300
intel celeron_n n4000
intel xeon_e7 8894_v4
intel xeon_e5 2680_v3
intel core_i7 5557u
intel core_i7 2600k
intel core_i3 4030y
intel xeon_e7 4860_v2
intel xeon_e7 8891_v3
intel xeon_e5 2687w_v3
intel core_i5 3340s
intel core_i3 2330e
intel atom_z z3775d
intel xeon_e5_2450 -
intel core_i5 4670r
intel core_i7 4770t
intel xeon_phi 7230
intel core_i7 3840qm
intel core_i7 4790k
intel core_i7 3770
intel core_i3 2310m
intel celeron_j j4005
intel xeon_e3 1565l_v5
intel celeron_n n2810
intel core_i7 640lm
intel atom_z z3560
intel atom_x3 c3295rk
intel xeon_e5_2609 -
intel core_i3 4100e
intel xeon_gold 6148f
intel xeon l5638
intel xeon_e7 8850
intel xeon_e5_2648l -
intel xeon_e7 8880l_v2
intel core_i7 2655le
intel core_i7 7820eq
intel core_m 5y31
intel core_i5 3437u
intel xeon_silver 4110
intel core_i7 4771
intel xeon_e7 8830
intel core_i3 4350t
intel xeon_e5_1680_v4 -
intel atom_z z3770d
intel core_i5 4200h
intel core_i7 4770s
intel xeon_phi 7210f
intel xeon_e5_2448l_v2 -
intel atom_z z3736g
intel xeon_phi 7290
intel xeon_e5 4627_v3
intel core_i5 3337u
intel core_i5 2510e
intel core_i5 430m
intel core_i5 2390t
intel pentium_j j2850
intel core_i5 4690
intel core_i7 8550u
intel xeon_e5 2680
intel xeon x5675
intel xeon_e5 2697_v4
fujitsu m12-2_firmware *
intel core_m3 6y30
intel core_i7 2920xm
intel atom_c c2558
intel core_i5 580m
intel core_i7 3610qe
intel core_i3 5005u
intel xeon e5503
intel core_i5 3360m
intel xeon_e5_2650l_v3 -
intel xeon_e3_1246_v3 -
intel core_i7 620le
intel xeon_e3_1276_v3 -
netapp solidfire_element_os_management_node -
intel core_i3 4025u
intel xeon_e3_1105c_v2 -
intel core_i7 5500u
intel atom_z z3795
intel core_i7 660um
intel atom_z z3740
intel core_i5 4210m
intel core_i7 3612qm
intel xeon_e3_1265l_v4 -
intel xeon_e5_2637_v3 -
intel core_i3 2312m
intel core_i3 3220t
intel core_i5 4430
intel core_i7 4550u
intel xeon_e3_1270_v2 -
intel core_i5 520e
intel atom_z z3745d
intel xeon e5520
intel xeon_gold 6152
intel core_i5 2540m
intel atom_x3 c3265rk
intel xeon_e5_2403 -
intel xeon_e5 4620_v4
intel core_i5 470um
intel core_i5 4590s
intel core_i5 4250u
intel xeon x5677
intel core_i5 6685r
intel xeon_e3_1240 -
intel core_i5 3470
intel xeon_e5 4640_v2
intel xeon_e5 2670_v2
intel xeon_e7 8870_v2
intel core_i5 3340m
intel xeon_e5 4620
intel xeon_bronze_3106 -
intel atom_z z3480
intel xeon_silver 4114t
intel xeon e5603
intel atom_z z3736f
intel core_i3 530
intel core_i7 3540m
intel core_i3 4350
intel core_i5 650
intel core_i7 5850eq
intel xeon_e5_2623_v3 -
intel core_i5 4590
intel xeon_e3_1260l_v5 -
intel xeon_e5_2430l -
intel xeon_phi 7250
intel xeon x7550
intel atom_c c3508
intel xeon e7540
intel xeon_e5_2450l -
intel xeon_e7 8880_v4
intel core_i3 2328m
redhat enterprise_linux_server 7.0
intel xeon ec5509
intel xeon_gold 6136
redhat enterprise_linux 7.0
intel core_i5 6600t
intel core_i7 2710qe
intel celeron_n n2806
intel core_i7 7567u
intel xeon_e5_1680_v3 -
intel xeon_e5_2407_v2 -
intel core_i7 860s
intel core_i5 6402p
intel xeon_e3_1240_v3 -
intel xeon_e3_1260l -
intel atom_c c3308
intel xeon_e5 2683_v4
intel celeron_n n3010
intel core_i5 6260u
intel atom_c c2750
intel xeon_gold 6130f
redhat enterprise_linux_eus 7.4
intel core_i5 2430m
intel core_i5 4410e
intel xeon_e5_2630l_v2 -
intel core_i7 610e
intel core_i7 7820hk
intel xeon_e3_1230_v5 -
intel core_i5 2400
intel core_i7 7920hq
intel core_i5 2537m
intel core_i7 970
intel core_i3 4330t
intel core_i7 5650u
intel core_i3 4020y
intel xeon_e3_1285_v4 -
intel atom_z z3580
intel core_i5 6300hq
intel core_i7 2675qm
intel core_i5 6400
intel core_i7 950
intel core_i5 3350p
intel core_i5 540m
intel core_i5 560um
intel core_i3 6100e
intel xeon_e3_1290 -
intel xeon_e7 8880l_v3
intel xeon_e5_2628l_v2 -
intel xeon_e7 2880_v2
intel xeon_e7 4870
intel xeon_e3_1275_v5 -
intel core_i7 2600s
intel xeon_e5_2618l_v2 -
intel atom_c c3538
intel core_i5 6400t
redhat enterprise_linux_server_tus 7.6
intel core_i5 540um
intel xeon_gold 5118
intel xeon_e7 8870_v4
intel xeon_e3_1270_v3 -
intel xeon_e5_2637_v2 -
intel atom_c c3750
intel xeon_e7 8867_v4
intel core_i5 4422e
intel core_i5 520m
intel core_i7 3687u
intel xeon_e3_1231_v3 -
intel xeon_e3_1285_v3 -
intel xeon_e5_2648l_v3 -
intel core_i5 4210y
intel xeon_e7 8850_v2
intel core_i5 4300u
intel xeon_platinum 8176m
intel xeon_e5 2697_v3
intel xeon_e3_1505l_v5 -
intel xeon_silver 4108
intel atom_c c3558
intel xeon_e7 2870
intel core_i7 4610y
fujitsu m12-2s_firmware *
intel core_m 5y10
intel pentium_n n3540
intel xeon_e7 2850_v2
intel core_i5 3439y
intel xeon_phi 7235
intel core_i5 5350h
intel xeon e7530
arm cortex-a 73
intel atom_c c3338
intel xeon_e5_1428l_v2 -
intel xeon_e5_2418l_v2 -
intel xeon_e5_2620_v4 -
intel xeon w5590
intel xeon_e7 4890_v2
intel xeon_e5 4640_v4
intel core_i7 2637m
intel core_i5 3570t
intel core_i5 3470t
intel xeon e5620
intel celeron_j j1850
intel xeon_e5 2660_v2
intel xeon_silver 4114
intel core_i3 4100m
intel xeon_e3_1245_v3 -
intel core_i3 6100
intel core_i3 6157u
intel xeon_e5_2643 -
intel xeon_e3_1258l_v4 -
intel core_i5 4310m
intel xeon_e7 8870
intel xeon_e7 4850_v4
redhat enterprise_linux_server 6.0
intel core_i7 4770te
intel core_i3 2125
intel core_i3 3130m
intel xeon_e5_2450_v2 -
redhat enterprise_linux_server_aus 7.6
intel atom_z z3590
intel core_i3 8100
intel xeon_e7 4830
intel core_i7 7560u
intel core_i5 5575r
intel core_i5 3550s
intel xeon_e3_1245 -
intel xeon_e7 4860
intel core_i5 2557m
intel xeon_e5 2698_v4
intel xeon_silver 4109t
intel xeon_e3_1241_v3 -
intel core_i7 4702mq
redhat enterprise_linux_server_tus 7.4
intel core_i5 3450s
intel xeon_e5_2609_v4 -
intel xeon_e5_2623_v4 -
intel atom_z z2520
intel xeon_e3_1225 -
intel core_i5 4570s
intel core_i7 940xm
intel pentium_j j2900
intel xeon_e3_1225_v6 -
intel core_i7 4770r
intel xeon_e3_12201 -
intel core_i5 4308u
intel xeon_e3_1270 -
intel core_i5 450m
intel core_i5 3475s
intel atom_c c2538
intel core_i3 2120t
intel xeon_e5_2640_v2 -
intel atom_z z2420
intel xeon_e7 8890_v2
intel xeon_e7 8893_v2
intel core_i5 2500s
intel core_i7 4980hq
intel core_i5 2310
intel core_i7 3770s
intel core_i3 3240
intel xeon_e5_1620_v2 -
intel core_i3 5010u
intel core_i3 6300
intel xeon x5650
intel xeon_e7 2830
intel core_m5 6y57
intel xeon x5670
intel xeon_platinum 8164
intel core_i3 2370m
intel xeon_e5_2643_v2 -
intel xeon_e5_2428l_v3 -
intel xeon w3690
intel xeon_e5_2608l_v3 -
intel core_i3 2105
intel core_i3 4340te
intel atom_c c2350
intel core_i7 3612qe
intel atom_c c3708
intel pentium_n n3510
intel xeon_e5_2470 -
intel core_i7 4510u
intel core_i7 4810mq
intel core_i5 2400s
intel celeron_n n3060
intel core_i7 5775c
intel core_i3 2100
intel core_i5 4340m
intel core_i7 975
intel xeon_e7 8890_v4
intel atom_c c2316
intel xeon_e5_2620 -
intel xeon_e5_2470_v2 -
redhat enterprise_linux_server_aus 7.4
intel core_i3 6100u
intel atom_x3 c3230rk
intel atom_z z3460
intel core_i5 2500k
intel xeon l7555
intel core_i5 6600k
intel core_i7 5600u
intel core_i5 4200m
intel xeon_gold 6126
intel core_i7 2630qm
intel core_m3 7y30
intel xeon_e5 2699a_v4
intel atom_e e3815
intel xeon_e3_1280_v2 -
intel xeon_gold 5122
intel xeon_e3_1220_v6 -
intel xeon_e5 4628l_v4
intel xeon_e3_1270_v5 -
intel xeon_e5 2650l_v4
intel core_i5 4670s
intel core_i3 2330m
intel core_i3 4170
intel atom_z z3785
intel core_i5 2380p
intel xeon_e7 8867l
intel core_i5 4570te
intel xeon e5607
intel core_i3 6098p
intel xeon_e5 4607
intel core_i7 7700
intel xeon e5645
intel xeon_e5 2660
intel xeon_gold 6142f
intel xeon l3426
intel core_i5 4670
intel core_m 5y10c
intel xeon_gold 6126t
intel xeon_e7 8857_v2
intel xeon_gold 6126f
intel core_i5 6440eq
intel xeon_e5 2698_v3
intel xeon_e5 4620_v2
intel xeon_e3_1226_v3 -
intel core_i7 3635qm
intel core_i5 4670k
intel xeon_e5_2450l_v2 -
intel core_i3 4120u
intel celeron_n n2840
intel core_i3 3210
intel xeon_e5_2640 -
intel core_i7 920
intel core_m 5y10a
intel xeon_platinum 8160m
intel xeon_e5 2697a_v4
intel core_i7 875k
intel atom_x3 c3235rk
intel xeon_gold 6144
intel core_i7 3632qm
intel xeon_e3_1225_v5 -
intel core_i7 4770hq
intel xeon_e7 8860_v3
intel xeon_e5 4650l
intel xeon_gold 6148
intel core_i5 3340
intel xeon_e5 4640
intel core_i5 4300m
intel core_i7 660ue
intel xeon_e5_1660 -
intel core_i7 4850hq
intel xeon_e3 1515m_v5
intel atom_c c2508
intel atom_e e3825
intel xeon_e5 4648_v3
intel xeon_platinum 8160t
intel core_i5 4690k
intel xeon_e5_2628l_v3 -
intel core_i7 960
intel atom_c c2338
intel xeon_silver 4112
intel xeon_gold 6142
arm cortex-a 72
arm cortex-a 76
intel core_i5 3330s
intel core_i3 5157u
intel xeon_e5_2650l -
intel xeon_e3_1278l_v4 -
intel xeon_e5 4650_v4
intel xeon_e5 2658
intel xeon_e5 4650_v2
intel xeon_e7 4820_v2
intel core_i3 350m
intel xeon_e5 2680_v2
intel pentium_n n3700
intel xeon_e3_1225_v2 -
intel xeon_e3 1575m_v5
intel atom_z z3735f
intel core_i7 4720hq
intel core_i7 980x
intel xeon_e7 8860
intel core_i7 8700k
intel xeon l5609
intel xeon_e3_1220_v2 -
intel xeon_e7 8870_v3
intel xeon_e3_1220_v3 -
intel xeon_e5_2408l_v3 -
intel xeon_e5 2697_v2
intel xeon_e5_2637_v4 -
redhat enterprise_linux_server_eus 7.6
intel atom_e e3805
intel core_i3 380m
intel xeon_e3_1235 -
intel xeon_e5_1650_v3 -
intel xeon_e7 4809_v3
intel atom_z z3745
intel core_i5 4258u
intel celeron_n n3160
intel xeon_e3_1240_v5 -
intel xeon_platinum 8176
intel core_i5 6500
intel core_i3 2100t
intel core_i7 840qm
intel atom_c c3808
intel core_i5 2410m
intel pentium_n n4200
intel core_i7 4785t
intel core_i7 7500u
intel core_m5 6y54
intel xeon_e3_1501m_v6 -
intel core_i5 2500t
intel xeon_e5_2418l -
intel core_i5 4200y
intel xeon_e3 1558l_v5
intel xeon_e3_1265l_v3 -
intel core_i7 640m
intel xeon_e5_2643_v4 -
intel core_i5 6300u
intel core_i3 4010y
intel core_i7 2860qm
intel xeon l5618
intel xeon_e5_1630_v4 -
intel xeon x3480
intel core_i3 2357m
intel core_i3 6320
intel core_i7 4790s
intel xeon_e5_1620_v3 -
intel atom_c c3950
intel xeon l5520
intel celeron_n n2920
intel core_i5 460m
intel core_i7 3720qm
intel xeon_e5_2628l_v4 -
intel core_i3 3245
intel core_i7 640um
intel core_i7 4710mq
intel xeon_e3_1240l_v5 -
intel core_i5 4330m
intel atom_c c3858
intel core_i5 5257u
intel xeon_phi 7250f
intel core_i3 4150
intel core_i7 3689y
intel xeon_e5 2667_v3
intel xeon_e5 4655_v3
intel core_i3 6100te
intel core_i5 3230m
intel core_i3 4370t
intel xeon e5630
intel core_i7 3615qe
intel xeon_e5 2699r_v4
intel xeon e5502
intel xeon e5506
intel core_i5 6442eq
intel core_i7 3770k
intel xeon_e3_1286_v3 -
intel atom_c c3758
intel core_i7 7820hq
intel core_i7 7600u
intel core_i7 620um
intel xeon_e3_1245_v5 -
intel core_i5 660
intel core_i5 2467m
intel core_i7 7700hq
intel xeon_e5_1620 -
intel xeon_e3_1245_v6 -
intel core_i7 4750hq
intel celeron_j j1900
intel core_i5 4360u
intel core_i5 680
intel xeon e6540
intel core_i3 4370
intel xeon_e3 1578l_v5
intel core_i7 3740qm
intel xeon_e3_1225_v3 -
intel core_i5 4300y
intel atom_x3 c3130
intel xeon_silver 4116t
intel xeon_e3_1280_v3 -
intel core_i5 4278u
intel core_i5 750
intel core_i5 4288u
intel core_i3 2365m
intel xeon_gold 6146
intel core_i5 4460s
intel core_i7 5700eq
intel xeon_e3 1505m_v6
intel xeon_e5 4624l_v2
intel core_i7 940
intel core_i5 3427u
arm cortex-a 15
intel xeon_e3_1275l_v3 -
intel xeon_e5 2690_v3
intel xeon_e3_1271_v3 -
intel xeon_e5_1660_v2 -
intel xeon_e7 8891_v4
intel core_i3 6100h
intel xeon_platinum 8158
intel core_i5 4690s
intel core_i3 3227u
intel core_i7 7700t
intel celeron_j j3355
intel xeon_e5 2687w
intel core_i7 2617m
intel atom_c c3958
intel xeon_e7 4820
intel atom_c c2516
intel core_i3 560
intel xeon_e3_12201_v2 -
intel core_i5 4220y
intel xeon_e3 1545m_v5
intel xeon_e5 4660_v4
intel xeon e5606
intel core_i5 4200u
intel core_i7 2610ue
intel atom_z z2480
intel core_m7 6y75
intel xeon_e3_1240_v6 -
intel core_i5 4310u
intel core_i7 4790
intel core_i7 4960hq
intel core_i3 2310e
intel celeron_n n3050
intel xeon x5647
intel xeon_e5_2608l_v4 -
intel core_i3 2120
intel celeron_j j1750
intel xeon_e5 2680_v4
intel xeon x5570
intel xeon_e5 2690_v4
intel xeon_gold 6130
intel xeon_e7 8891_v2
intel xeon_platinum 8170m
intel core_i3 4150t
intel atom_c c2550
intel xeon_e7 8860_v4
intel core_i3 4102e
intel xeon_e5 4610_v3
intel core_i3 8350k
intel xeon_e5 2690
intel xeon_e5 2695_v2
intel xeon_e5_2650_v3 -
intel core_i5 6350hq
intel xeon_e3_1235l_v5 -
intel xeon_e5 4660_v3
intel core_i5 8350u
intel core_i5 3320m
intel core_i5 4690t
intel xeon x3450
intel core_i7 4900mq
intel xeon_e3_1275_v2 -
intel xeon_e5_2630l_v4 -
intel xeon_gold 5115
intel core_i5 4400e
intel core_i3 5015u
intel core_i5 5675r
intel xeon lc5518
intel xeon_phi 7290f
intel xeon_e7 4850_v2
intel xeon_e5_2648l_v4 -
intel xeon_e5 2658_v3
intel core_m3 7y32
intel celeron_j j4105
intel xeon_gold 6140m
intel xeon e5530
intel xeon x3440
intel core_i3 4005u
intel core_i3 3240t
intel xeon_e3_1230_v3 -
intel pentium_n n3710
intel xeon_e3_1265l_v2 -
intel core_i7 2629m
intel xeon x5667
intel xeon_e5_2403_v2 -
intel pentium_n n3520
intel xeon l3406
intel core_i5 6200u
intel atom_z z2460
arm cortex-a 57
intel core_i3 4012y
intel core_i7 2635qm
intel core_i5 5287u
intel core_i3 370m
intel atom_z z3740d
intel xeon_platinum 8160f
intel core_i7 4610m
intel xeon_silver 4116
intel core_i7 8700
intel xeon_gold 6150
intel xeon lc5528
intel xeon_e5_2448l -
intel xeon_e5_2440_v2 -
intel xeon_e5 4603
intel core_i3 3225
intel core_i5 2550k
intel core_i7 5550u
intel xeon_e7 2860
intel core_i7 3517ue
intel core_i3 2377m
intel xeon_gold 5120t
intel core_i7 990x
arm cortex-r 7
intel celeron_n n2910
intel xeon_e5_1650_v2 -
intel core_i3 3115c
intel core_i7 4712hq
intel xeon_e-1105c -
intel xeon e7520
intel core_i3 4160t
intel core_i7 3615qm
intel xeon x3430
intel core_i7 2620m
intel celeron_n n2807
arm cortex-a 17
intel core_i3 4160
intel core_i3 6167u
intel xeon_e7 8893_v4
intel celeron_j j3160
intel xeon_e5 4650
intel core_i7 4700eq
intel celeron_n n2815
arm cortex-a 75
intel core_i3 2348m
intel core_i5 3210m
intel xeon l5518
intel xeon_e5 4650_v3
intel core_i7 2657m
intel xeon_e5 4610_v4
intel xeon_e5_2630_v4 -
intel xeon_e3 1585l_v5
intel atom_z z2760
intel xeon_e5 4669_v3
arm cortex-r 8
intel xeon_e5 2687w_v2
intel core_i7 4700mq
intel atom_c c2718
intel xeon_e5 2665
intel core_i5 3470s
intel xeon_e3_1275_v6 -
intel xeon_e3_1230 -
redhat enterprise_linux_desktop 7.0
intel core_i3 6100t
intel core_i5 4350u
intel xeon_e7 8867_v3
intel core_i3 2130
intel core_i3 330m
intel core_i7 820qm
intel core_i7 3517u
intel core_i7 2649m
intel xeon_e7 4850
redhat enterprise_linux_workstation 6.0
intel core_i5 3570k
intel xeon_e5_2603_v3 -
oracle communications_eagle_application_processor 16.2.0
intel core_i7 965
intel xeon_e3_1230_v2 -
intel core_i7 4910mq
intel celeron_n n2940
intel core_i7 5750hq
intel xeon_e5 2658_v4
intel celeron_n n2808
intel atom_z z3530
intel xeon_e5 4669_v4
intel xeon_phi 7285
intel core_i5 4570
intel xeon_gold 6134m
intel xeon w3680
intel xeon_e3_1285l_v3 -
intel core_i5 6500t
intel core_i3 2367m
intel celeron_n n3000
intel xeon l5640
intel xeon_gold 6142m
intel xeon_e7 8893_v3
intel core_i5 6585r
intel xeon_e5 4667_v3
intel core_i7 3520m
intel core_i7 4790t
intel atom_z z3770
intel xeon_e5_1660_v4 -
intel core_i3 2350m
intel core_i5 670
intel core_i7 2715qe
intel core_i5 5250u
intel xeon_platinum 8176f
intel xeon_e5_2620_v2 -
intel xeon x5672
intel xeon_e5_2637 -
intel core_i7 5950hq
intel core_i7 4702ec
intel celeron_j j3060
intel core_i5 4402ec
intel xeon_e5 4667_v4
intel core_i7 680um
intel core_i5 4670t
intel core_i5 4202y
intel pentium_j j4205
intel xeon_e5_2603 -
intel core_i5 4210h
intel core_i7 920xm
intel xeon_e7 4820_v4
intel xeon x6550
intel core_i7 2670qm
intel atom_x3 c3200rk
intel xeon_e5_2430_v2 -
intel xeon_e7 4880_v2
intel core_i7 4710hq
intel atom_c c2308
intel xeon_e5 2687w_v4
intel xeon_e5_2440 -
intel core_i7 870s
intel core_i3 2340ue
intel core_i5 3550
intel xeon_e3 1535m_v5
intel xeon_e7 8880_v3
intel core_i7 4770k
intel xeon_e5_2643_v3 -
fujitsu m12-1_firmware *
intel core_i5 4402e
intel xeon_e5 2695_v4
intel core_i5 661
intel xeon_e5 4617
CVE-2018-7227 MEDIUM

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7228 HIGH

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7229 HIGH

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7230 MEDIUM

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7231 HIGH

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7232 HIGH

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7233 HIGH

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7234 HIGH

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-295,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7235 HIGH

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7236 MEDIUM

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7237 MEDIUM

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow a remote attacker to delete arbitrary system file due to lack of validation of the /login/bin/set_param to the file name with the value of 'system.delete.sd_file'

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7238 HIGH

A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric mps110-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7239 MEDIUM

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
schneider-electric atv340_dtm *
schneider-electric atv31_dtm *
schneider-electric somove *
schneider-electric atv12_dtm *
schneider-electric atv320_dtm *
schneider-electric atv71_dtm *
schneider-electric atv312_dtm *
schneider-electric atv900_dtm *
schneider-electric atv32_dtm *
schneider-electric atv_lift_dtm *
schneider-electric atv600_dtm *
schneider-electric atv212_dtm *
schneider-electric atv61_dtm *
CVE-2018-7240 MEDIUM

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric 140cpu31110_firmware -
schneider-electric 140cpu65260c_firmware -
schneider-electric 140cpu65260_firmware -
schneider-electric 140cpu65160s_firmware -
schneider-electric 140cpu65150_firmware -
schneider-electric 140cpu65860c_firmware -
schneider-electric 140cpu65160c_firmware -
schneider-electric 140cpu31110c_firmware -
schneider-electric 140cpu65150c_firmware -
schneider-electric 140cpu65160_firmware -
schneider-electric 140cpu43412u_firmware -
schneider-electric 140cpu65860_firmware -
schneider-electric 140cpu43412uc_firmware -
CVE-2018-7241 HIGH

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric 140cpu31110_firmware -
schneider-electric 140cpu65260c_firmware -
schneider-electric 140cpu65160s_firmware -
schneider-electric tsxp57304mc_firmware -
schneider-electric tsxp57204m_firmware -
schneider-electric tsxp57354mc_firmware -
schneider-electric tsxp57154mc_firmware -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric 140cpu65160_firmware -
schneider-electric bmxnor0200_firmware -
schneider-electric 140cpu65860_firmware -
schneider-electric 140cpu43412uc_firmware -
schneider-electric modicon_m340_bmxp341000h_firmware -
schneider-electric modicon_m340_bmxp3420302cl_firmware -
schneider-electric tsxp576634mc_firmware -
schneider-electric tsxp573634mc_firmware -
schneider-electric tsxh5724mc_firmware -
schneider-electric tsxp57554m_firmware -
schneider-electric 140cpu65150_firmware -
schneider-electric 140cpu65160c_firmware -
schneider-electric tsxp57104m_firmware -
schneider-electric 140cpu65150c_firmware -
schneider-electric tsxp57104mc_firmware -
schneider-electric tsxp57304m_firmware -
schneider-electric tsxp57554mc_firmware -
schneider-electric modicon_m340_bmxp3420102_firmware -
schneider-electric tsxp57154m_firmware -
schneider-electric tsxp57454mc_firmware -
schneider-electric tsxp573634m_firmware -
schneider-electric tsxp57454m_firmware -
schneider-electric tsxp575634mc_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric tsxp574634mc_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp3420102cl_firmware -
schneider-electric tsxp572634mc_firmware -
schneider-electric tsxp57254mc_firmware -
schneider-electric tsxp574634m_firmware -
schneider-electric tsxh5724m_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric tsxp572634m_firmware -
schneider-electric tsxp571634m_firmware -
schneider-electric bmxnor0200h_firmware -
schneider-electric 140cpu65260_firmware -
schneider-electric tsxh5744m_firmware -
schneider-electric 140cpu65860c_firmware -
schneider-electric tsxp575634m_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric tsxp57354m_firmware -
schneider-electric 140cpu31110c_firmware -
schneider-electric tsxp57254m_firmware -
schneider-electric tsxp57204mc_firmware -
schneider-electric tsxh5744mc_firmware -
schneider-electric tsxp576634m_firmware -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric 140cpu43412u_firmware -
schneider-electric tsxp571634mc_firmware -
CVE-2018-7242 MEDIUM

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
schneider-electric 140cpu31110_firmware -
schneider-electric 140cpu65260c_firmware -
schneider-electric 140cpu65160s_firmware -
schneider-electric tsxp57304mc_firmware -
schneider-electric tsxp57204m_firmware -
schneider-electric tsxp57354mc_firmware -
schneider-electric tsxp57154mc_firmware -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric 140cpu65160_firmware -
schneider-electric bmxnor0200_firmware -
schneider-electric 140cpu65860_firmware -
schneider-electric 140cpu43412uc_firmware -
schneider-electric modicon_m340_bmxp341000h_firmware -
schneider-electric modicon_m340_bmxp3420302cl_firmware -
schneider-electric tsxp576634mc_firmware -
schneider-electric tsxp573634mc_firmware -
schneider-electric tsxh5724mc_firmware -
schneider-electric tsxp57554m_firmware -
schneider-electric 140cpu65150_firmware -
schneider-electric 140cpu65160c_firmware -
schneider-electric tsxp57104m_firmware -
schneider-electric 140cpu65150c_firmware -
schneider-electric tsxp57104mc_firmware -
schneider-electric tsxp57304m_firmware -
schneider-electric tsxp57554mc_firmware -
schneider-electric modicon_m340_bmxp3420102_firmware -
schneider-electric tsxp57154m_firmware -
schneider-electric tsxp57454mc_firmware -
schneider-electric tsxp573634m_firmware -
schneider-electric tsxp57454m_firmware -
schneider-electric tsxp575634mc_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric tsxp574634mc_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp3420102cl_firmware -
schneider-electric tsxp572634mc_firmware -
schneider-electric tsxp57254mc_firmware -
schneider-electric tsxp574634m_firmware -
schneider-electric tsxh5724m_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric tsxp572634m_firmware -
schneider-electric tsxp571634m_firmware -
schneider-electric bmxnor0200h_firmware -
schneider-electric 140cpu65260_firmware -
schneider-electric tsxh5744m_firmware -
schneider-electric 140cpu65860c_firmware -
schneider-electric tsxp575634m_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric tsxp57354m_firmware -
schneider-electric 140cpu31110c_firmware -
schneider-electric tsxp57254m_firmware -
schneider-electric tsxp57204mc_firmware -
schneider-electric tsxh5744mc_firmware -
schneider-electric tsxp576634m_firmware -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric 140cpu43412u_firmware -
schneider-electric tsxp571634mc_firmware -
CVE-2018-7243 HIGH

An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric 66074_mge_network_management_card_transverse -
CVE-2018-7244 MEDIUM

An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to obtain sensitive device information if network access was obtained.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric 66074_mge_network_management_card_transverse -
CVE-2018-7245 MEDIUM

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
schneider-electric 66074_mge_network_management_card_transverse -
CVE-2018-7246 MEDIUM

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
schneider-electric 66074_mge_network_management_card_transverse -
CVE-2018-7522 HIGH

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric triconex_tricon_mp_3008_firmware *
CVE-2018-7758 LOW

A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number.

CVSS 2.0

Severity: LOW

Problem Type: CWE-613,

Products Affected

Vendor Product Version
schneider-electric micom_p643_firmware -
schneider-electric micom_p645_firmware -
schneider-electric micom_p442_firmware -
schneider-electric micom_p544_firmware -
schneider-electric micom_p142_firmware -
schneider-electric micom_p841a_firmware -
schneider-electric micom_p849_firmware -
schneider-electric micom_p445_firmware -
schneider-electric micom_p841b_firmware -
schneider-electric micom_p546_firmware -
schneider-electric micom_p141_firmware -
schneider-electric micom_p543_firmware -
schneider-electric micom_p542_firmware -
schneider-electric micom_p642_firmware -
schneider-electric micom_p444_firmware -
schneider-electric micom_p446_firmware -
schneider-electric micom_p145_firmware -
schneider-electric micom_p441_firmware -
schneider-electric micom_p746_firmware -
schneider-electric micom_p443_firmware -
schneider-electric micom_p545_firmware -
schneider-electric micom_p541_firmware -
schneider-electric micom_p143_firmware -
CVE-2018-7759 MEDIUM

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric 140cpu31110_firmware -
schneider-electric 140cpu65260c_firmware -
schneider-electric 140cpu65160s_firmware -
schneider-electric tsxp57304mc_firmware -
schneider-electric tsxp57204m_firmware -
schneider-electric tsxp57354mc_firmware -
schneider-electric tsxp57154mc_firmware -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric 140cpu65160_firmware -
schneider-electric bmxnor0200_firmware -
schneider-electric 140cpu65860_firmware -
schneider-electric 140cpu43412uc_firmware -
schneider-electric modicon_m340_bmxp341000h_firmware -
schneider-electric modicon_m340_bmxp3420302cl_firmware -
schneider-electric tsxp576634mc_firmware -
schneider-electric tsxp573634mc_firmware -
schneider-electric tsxh5724mc_firmware -
schneider-electric tsxp57554m_firmware -
schneider-electric 140cpu65150_firmware -
schneider-electric 140cpu65160c_firmware -
schneider-electric tsxp57104m_firmware -
schneider-electric 140cpu65150c_firmware -
schneider-electric tsxp57104mc_firmware -
schneider-electric tsxp57304m_firmware -
schneider-electric tsxp57554mc_firmware -
schneider-electric modicon_m340_bmxp3420102_firmware -
schneider-electric tsxp57154m_firmware -
schneider-electric tsxp57454mc_firmware -
schneider-electric tsxp573634m_firmware -
schneider-electric tsxp57454m_firmware -
schneider-electric tsxp575634mc_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric tsxp574634mc_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp3420102cl_firmware -
schneider-electric tsxp572634mc_firmware -
schneider-electric tsxp57254mc_firmware -
schneider-electric tsxp574634m_firmware -
schneider-electric tsxh5724m_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric tsxp572634m_firmware -
schneider-electric tsxp571634m_firmware -
schneider-electric bmxnor0200h_firmware -
schneider-electric 140cpu65260_firmware -
schneider-electric tsxh5744m_firmware -
schneider-electric 140cpu65860c_firmware -
schneider-electric tsxp575634m_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric tsxp57354m_firmware -
schneider-electric 140cpu31110c_firmware -
schneider-electric tsxp57254m_firmware -
schneider-electric tsxp57204mc_firmware -
schneider-electric tsxh5744mc_firmware -
schneider-electric tsxp576634m_firmware -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric 140cpu43412u_firmware -
schneider-electric tsxp571634mc_firmware -
CVE-2018-7760 HIGH

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric 140cpu31110_firmware -
schneider-electric 140cpu65260c_firmware -
schneider-electric 140cpu65160s_firmware -
schneider-electric tsxp57304mc_firmware -
schneider-electric tsxp57204m_firmware -
schneider-electric tsxp57354mc_firmware -
schneider-electric tsxp57154mc_firmware -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric 140cpu65160_firmware -
schneider-electric bmxnor0200_firmware -
schneider-electric 140cpu65860_firmware -
schneider-electric 140cpu43412uc_firmware -
schneider-electric modicon_m340_bmxp341000h_firmware -
schneider-electric modicon_m340_bmxp3420302cl_firmware -
schneider-electric tsxp576634mc_firmware -
schneider-electric tsxp573634mc_firmware -
schneider-electric tsxh5724mc_firmware -
schneider-electric tsxp57554m_firmware -
schneider-electric 140cpu65150_firmware -
schneider-electric 140cpu65160c_firmware -
schneider-electric tsxp57104m_firmware -
schneider-electric 140cpu65150c_firmware -
schneider-electric tsxp57104mc_firmware -
schneider-electric tsxp57304m_firmware -
schneider-electric tsxp57554mc_firmware -
schneider-electric modicon_m340_bmxp3420102_firmware -
schneider-electric tsxp57154m_firmware -
schneider-electric tsxp57454mc_firmware -
schneider-electric tsxp573634m_firmware -
schneider-electric tsxp57454m_firmware -
schneider-electric tsxp575634mc_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric tsxp574634mc_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp3420102cl_firmware -
schneider-electric tsxp572634mc_firmware -
schneider-electric tsxp57254mc_firmware -
schneider-electric tsxp574634m_firmware -
schneider-electric tsxh5724m_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric tsxp572634m_firmware -
schneider-electric tsxp571634m_firmware -
schneider-electric bmxnor0200h_firmware -
schneider-electric 140cpu65260_firmware -
schneider-electric tsxh5744m_firmware -
schneider-electric 140cpu65860c_firmware -
schneider-electric tsxp575634m_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric tsxp57354m_firmware -
schneider-electric 140cpu31110c_firmware -
schneider-electric tsxp57254m_firmware -
schneider-electric tsxp57204mc_firmware -
schneider-electric tsxh5744mc_firmware -
schneider-electric tsxp576634m_firmware -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric 140cpu43412u_firmware -
schneider-electric tsxp571634mc_firmware -
CVE-2018-7761 HIGH

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric 140cpu31110_firmware -
schneider-electric 140cpu65260c_firmware -
schneider-electric 140cpu65160s_firmware -
schneider-electric tsxp57304mc_firmware -
schneider-electric tsxp57204m_firmware -
schneider-electric tsxp57354mc_firmware -
schneider-electric tsxp57154mc_firmware -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric 140cpu65160_firmware -
schneider-electric bmxnor0200_firmware -
schneider-electric 140cpu65860_firmware -
schneider-electric 140cpu43412uc_firmware -
schneider-electric modicon_m340_bmxp341000h_firmware -
schneider-electric modicon_m340_bmxp3420302cl_firmware -
schneider-electric tsxp576634mc_firmware -
schneider-electric tsxp573634mc_firmware -
schneider-electric tsxh5724mc_firmware -
schneider-electric tsxp57554m_firmware -
schneider-electric 140cpu65150_firmware -
schneider-electric 140cpu65160c_firmware -
schneider-electric tsxp57104m_firmware -
schneider-electric 140cpu65150c_firmware -
schneider-electric tsxp57104mc_firmware -
schneider-electric tsxp57304m_firmware -
schneider-electric tsxp57554mc_firmware -
schneider-electric modicon_m340_bmxp3420102_firmware -
schneider-electric tsxp57154m_firmware -
schneider-electric tsxp57454mc_firmware -
schneider-electric tsxp573634m_firmware -
schneider-electric tsxp57454m_firmware -
schneider-electric tsxp575634mc_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric tsxp574634mc_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp3420102cl_firmware -
schneider-electric tsxp572634mc_firmware -
schneider-electric tsxp57254mc_firmware -
schneider-electric tsxp574634m_firmware -
schneider-electric tsxh5724m_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric tsxp572634m_firmware -
schneider-electric tsxp571634m_firmware -
schneider-electric bmxnor0200h_firmware -
schneider-electric 140cpu65260_firmware -
schneider-electric tsxh5744m_firmware -
schneider-electric 140cpu65860c_firmware -
schneider-electric tsxp575634m_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric tsxp57354m_firmware -
schneider-electric 140cpu31110c_firmware -
schneider-electric tsxp57254m_firmware -
schneider-electric tsxp57204mc_firmware -
schneider-electric tsxh5744mc_firmware -
schneider-electric tsxp576634m_firmware -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric 140cpu43412u_firmware -
schneider-electric tsxp571634mc_firmware -
CVE-2018-7762 MEDIUM

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric 140cpu31110_firmware -
schneider-electric 140cpu65260c_firmware -
schneider-electric 140cpu65160s_firmware -
schneider-electric tsxp57304mc_firmware -
schneider-electric tsxp57204m_firmware -
schneider-electric tsxp57354mc_firmware -
schneider-electric tsxp57154mc_firmware -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric 140cpu65160_firmware -
schneider-electric bmxnor0200_firmware -
schneider-electric 140cpu65860_firmware -
schneider-electric 140cpu43412uc_firmware -
schneider-electric modicon_m340_bmxp341000h_firmware -
schneider-electric modicon_m340_bmxp3420302cl_firmware -
schneider-electric tsxp576634mc_firmware -
schneider-electric tsxp573634mc_firmware -
schneider-electric tsxh5724mc_firmware -
schneider-electric tsxp57554m_firmware -
schneider-electric 140cpu65150_firmware -
schneider-electric 140cpu65160c_firmware -
schneider-electric tsxp57104m_firmware -
schneider-electric 140cpu65150c_firmware -
schneider-electric tsxp57104mc_firmware -
schneider-electric tsxp57304m_firmware -
schneider-electric tsxp57554mc_firmware -
schneider-electric modicon_m340_bmxp3420102_firmware -
schneider-electric tsxp57154m_firmware -
schneider-electric tsxp57454mc_firmware -
schneider-electric tsxp573634m_firmware -
schneider-electric tsxp57454m_firmware -
schneider-electric tsxp575634mc_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric tsxp574634mc_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp3420102cl_firmware -
schneider-electric tsxp572634mc_firmware -
schneider-electric tsxp57254mc_firmware -
schneider-electric tsxp574634m_firmware -
schneider-electric tsxh5724m_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric tsxp572634m_firmware -
schneider-electric tsxp571634m_firmware -
schneider-electric bmxnor0200h_firmware -
schneider-electric 140cpu65260_firmware -
schneider-electric tsxh5744m_firmware -
schneider-electric 140cpu65860c_firmware -
schneider-electric tsxp575634m_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric tsxp57354m_firmware -
schneider-electric 140cpu31110c_firmware -
schneider-electric tsxp57254m_firmware -
schneider-electric tsxp57204mc_firmware -
schneider-electric tsxh5744mc_firmware -
schneider-electric tsxp576634m_firmware -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric 140cpu43412u_firmware -
schneider-electric tsxp571634mc_firmware -
CVE-2018-7763 MEDIUM

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7764 MEDIUM

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7765 MEDIUM

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7766 MEDIUM

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7767 MEDIUM

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7768 MEDIUM

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7769 MEDIUM

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7770 MEDIUM

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric u.motion *
CVE-2018-7771 MEDIUM

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7772 MEDIUM

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7773 MEDIUM

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7774 MEDIUM

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7776 MEDIUM

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7777 MEDIUM

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7778 HIGH

In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
schneider-electric evlink_charging_station_firmware *
CVE-2018-7779 MEDIUM

In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
schneider-electric wiser_for_knx_firmware *
CVE-2018-7780 HIGH

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set".

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imps110-1_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7781 MEDIUM

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imps110-1_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7782 MEDIUM

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
schneider-electric imps110-1er_firmware *
schneider-electric imp1110-1er_firmware *
schneider-electric imp219-1e_firmware *
schneider-electric imp519-1e_firmware *
schneider-electric ibps110-1er_firmware *
schneider-electric imps110-1_firmware *
schneider-electric imp1110-1e_firmware *
schneider-electric imp319-1e_firmware *
schneider-electric imps110-1e_firmware *
schneider-electric imp219-1_firmware *
schneider-electric imp219-1er_firmware *
schneider-electric ibp219-1er_firmware *
schneider-electric imp519-1er_firmware *
schneider-electric ibp519-1er_firmware *
schneider-electric ibp1110-1er_firmware *
schneider-electric imp1110-1_firmware *
schneider-electric ibp319-1er_firmware *
schneider-electric imp319-1er_firmware *
schneider-electric imp319-1_firmware *
schneider-electric imp519-1_firmware *
CVE-2018-7783 MEDIUM

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
schneider-electric somachine_basic *
CVE-2018-7784 HIGH

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric u.motion *
CVE-2018-7785 HIGH

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7786 MEDIUM

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7787 MEDIUM

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder *
CVE-2018-7788 MEDIUM

A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40. which could cause a Denial Of Service when using a Telnet connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_firmware *
CVE-2018-7789 HIGH

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
CVE-2018-7790 HIGH

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-294,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
CVE-2018-7791 HIGH

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
CVE-2018-7792 MEDIUM

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
CVE-2018-7793 MEDIUM

A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric foxboro_dcs *
schneider-electric foxview 10.5
schneider-electric ia_series *
schneider-electric foxboro_evo *
CVE-2018-7794 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric tsxp57354m_firmware *
schneider-electric tsxp57554m_firmware *
schneider-electric tsxp57254m_firmware *
schneider-electric tsxp576634m_firmware *
schneider-electric tsxp575634m_firmware *
schneider-electric 140cpu67160s_firmware *
schneider-electric tsxp57204m_firmware *
schneider-electric 140cpu67261_firmware *
schneider-electric 140cpu67260_firmware *
schneider-electric tsxp571634m_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric 140cpu67861_firmware *
schneider-electric tsxp57454m_firmware *
schneider-electric tsxp57304m_firmware *
schneider-electric 140cpu65160_firmware *
schneider-electric tsxp57154m_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric 140cpu67160_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric 140cpu65160s_firmware *
schneider-electric tsxp573634m_firmware *
schneider-electric tsxh5724m_firmware *
schneider-electric tsxp574634m_firmware *
schneider-electric tsxp572634m_firmware *
schneider-electric tsxh5744m_firmware *
schneider-electric tsxp57104m_firmware *
schneider-electric 140cpu65860_firmware *
schneider-electric 140cpu67060_firmware *
schneider-electric 140cpu65260_firmware *
CVE-2018-7795 MEDIUM

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm5560_firmware *
CVE-2018-7796 MEDIUM

A Buffer Error vulnerability exists in PowerSuite 2, all released versions (VW3A8104 & Patches), which could cause an overflow in the memcpy function, leading to corruption of data and program instability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric powersuite_2 *
CVE-2018-7797 MEDIUM

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert 1.3 (formerly Power Manager), EcoStruxure Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure Power Monitoring Expert (PME) v9.0, EcoStruxure Energy Expert v2.0, and EcoStruxure Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module which could cause a phishing attack when redirected to a malicious site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert 9.0
schneider-electric ecostruxure_energy_expert 1.3
schneider-electric ecostruxure_energy_expert 2.0
schneider-electric ecostruxure_power_scada_operation 9.0
schneider-electric ecostruxure_power_monitoring_expert 8.2
schneider-electric ecostruxure_power_scada_operation 8.2
CVE-2018-7798 MEDIUM

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
schneider-electric somachine_basic *
CVE-2018-7799 HIGH

A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
schneider-electric software_update_utility *
CVE-2018-7800 HIGH

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric evlink_parking_firmware *
CVE-2018-7801 MEDIUM

A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
schneider-electric evlink_parking_firmware *
CVE-2018-7802 MEDIUM

A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
schneider-electric evlink_parking_firmware *
CVE-2018-7803 MEDIUM

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric triconex_tristation_emulator 1.2.0
CVE-2018-7804 MEDIUM

A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
schneider-electric modicom_premium_firmware *
schneider-electric modicom_quantum_firmware *
schneider-electric modicom_m340_firmware *
schneider-electric modicom_bmxnor0200h_firmware *
CVE-2018-7806 MEDIUM

Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_operation *
CVE-2018-7807 MEDIUM

Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2018-7809 MEDIUM

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-640,

Products Affected

Vendor Product Version
schneider-electric modicom_premium_firmware *
schneider-electric modicom_quantum_firmware *
schneider-electric modicom_m340_firmware *
schneider-electric modicom_bmxnor0200h_firmware *
CVE-2018-7810 MEDIUM

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric modicom_premium_firmware *
schneider-electric modicom_quantum_firmware *
schneider-electric modicom_m340_firmware *
schneider-electric modicom_bmxnor0200h_firmware *
CVE-2018-7811 MEDIUM

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-640,

Products Affected

Vendor Product Version
schneider-electric modicom_premium_firmware *
schneider-electric modicom_quantum_firmware *
schneider-electric modicom_m340_firmware *
schneider-electric modicom_bmxnor0200h_firmware *
CVE-2018-7812 MEDIUM

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric modicom_premium_firmware *
schneider-electric modicom_quantum_firmware *
schneider-electric modicom_m340_firmware *
schneider-electric modicom_bmxnor0200h_firmware *
CVE-2018-7813 MEDIUM

A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on pcwin.dll which could cause remote code to be executed when parsing a GD1 file

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-704,

Products Affected

Vendor Product Version
schneider-electric guicon 2.0
CVE-2018-7814 MEDIUM

A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) which could cause remote code to be executed when parsing a GD1 file

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric guicon 2.0
CVE-2018-7815 MEDIUM

A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schneider Electric GUIcon V2.0 (Gold Build 683.0) on c3core.dll which could cause remote code to be executed when parsing a GD1 file

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-704,

Products Affected

Vendor Product Version
schneider-electric guicon 2.0
CVE-2018-7816 MEDIUM

A Permissions, Privileges, and Access Control vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to delete an arbitrary file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric imes19-1s_firmware *
schneider-electric ime119-1s_firmware *
schneider-electric ime3122-1i_firmware *
schneider-electric ime3122-b1p_firmware *
schneider-electric imes19-1vi_firmware *
schneider-electric ime219-1es_firmware *
schneider-electric ime219-1vi_firmware *
schneider-electric ime319-1vp_firmware *
schneider-electric imes19-1vp_firmware *
schneider-electric ime319-1ep_firmware *
schneider-electric ime319-b1s_firmware *
schneider-electric ime119-1es_firmware *
schneider-electric ime3122-1ei_firmware *
schneider-electric ixe11_firmware *
schneider-electric ime319-1es_firmware *
schneider-electric ixe31_firmware *
schneider-electric imes19-1vs_firmware *
schneider-electric ime119-1vi_firmware *
schneider-electric ime319-b1p_firmware *
schneider-electric ime119-1vp_firmware *
schneider-electric ime3122-1vp_firmware *
schneider-electric imes19-1es_firmware *
schneider-electric ime319-1s_firmware *
schneider-electric ime3122-1vs_firmware *
schneider-electric d6220l_firmware *
schneider-electric ime219-1vs_firmware *
schneider-electric ime219-1vp_firmware *
schneider-electric ixes1_firmware *
schneider-electric imes19-1ep_firmware *
schneider-electric ime319-b1i_firmware *
schneider-electric ime3122-1s_firmware *
schneider-electric ime219-1ep_firmware *
schneider-electric ime319-1ei_firmware *
schneider-electric ime3122-b1s_firmware *
schneider-electric imes19-1p_firmware *
schneider-electric ime219-1ei_firmware *
schneider-electric ime319-1vi_firmware *
schneider-electric ime3122-1ep_firmware *
schneider-electric ime319-1p_firmware *
schneider-electric imes19-1ei_firmware *
schneider-electric ime3122-1p_firmware *
schneider-electric d6230_firmware *
schneider-electric ime219-1s_firmware *
schneider-electric d6230l_firmware *
schneider-electric ime119-1vs_firmware *
schneider-electric imes19-1i_firmware *
schneider-electric ime3122-1vi_firmware *
schneider-electric ime319-1vs_firmware *
schneider-electric ixe21_firmware *
schneider-electric d6220_firmware *
schneider-electric ime3122-b1i_firmware *
schneider-electric ime119-1ep_firmware *
schneider-electric ime319-1i_firmware *
schneider-electric ime219-1i_firmware *
schneider-electric ime3122-1es_firmware *
schneider-electric ime119-1i_firmware *
schneider-electric ime119-1ei_firmware *
schneider-electric ime219-1p_firmware *
schneider-electric ime119-1p_firmware *
CVE-2018-7817 MEDIUM

A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
schneider-electric zelio_soft_2 *
CVE-2018-7820 MEDIUM

A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,CWE-522,

Products Affected

Vendor Product Version
schneider-electric ap9631_firmware *
schneider-electric ap9630_firmware *
schneider-electric ap9635_firmware *
schneider-electric smart-ups_srt_5kva_firmware *
CVE-2018-7821 MEDIUM

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
schneider-electric somachine_basic *
CVE-2018-7822 LOW

An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting SoMachine Basic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
schneider-electric somachine_basic *
CVE-2018-7823 MEDIUM

A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
schneider-electric somachine_basic *
CVE-2018-7824 MEDIUM

An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-610,CWE-610,

Products Affected

Vendor Product Version
schneider-electric driver_suite *
schneider-electric modbus_serial_driver *
CVE-2018-7825 MEDIUM

A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
schneider-electric imes19-1s_firmware *
schneider-electric ime119-1s_firmware *
schneider-electric ime3122-1i_firmware *
schneider-electric ime3122-b1p_firmware *
schneider-electric imes19-1vi_firmware *
schneider-electric ime219-1es_firmware *
schneider-electric ime219-1vi_firmware *
schneider-electric ime319-1vp_firmware *
schneider-electric imes19-1vp_firmware *
schneider-electric ime319-1ep_firmware *
schneider-electric ime319-b1s_firmware *
schneider-electric ime119-1es_firmware *
schneider-electric ime3122-1ei_firmware *
schneider-electric ixe11_firmware *
schneider-electric ime319-1es_firmware *
schneider-electric ixe31_firmware *
schneider-electric imes19-1vs_firmware *
schneider-electric ime119-1vi_firmware *
schneider-electric ime319-b1p_firmware *
schneider-electric ime119-1vp_firmware *
schneider-electric ime3122-1vp_firmware *
schneider-electric imes19-1es_firmware *
schneider-electric ime319-1s_firmware *
schneider-electric ime3122-1vs_firmware *
schneider-electric d6220l_firmware *
schneider-electric ime219-1vs_firmware *
schneider-electric ime219-1vp_firmware *
schneider-electric ixes1_firmware *
schneider-electric imes19-1ep_firmware *
schneider-electric ime319-b1i_firmware *
schneider-electric ime3122-1s_firmware *
schneider-electric ime219-1ep_firmware *
schneider-electric ime319-1ei_firmware *
schneider-electric ime3122-b1s_firmware *
schneider-electric imes19-1p_firmware *
schneider-electric ime219-1ei_firmware *
schneider-electric ime319-1vi_firmware *
schneider-electric ime3122-1ep_firmware *
schneider-electric ime319-1p_firmware *
schneider-electric imes19-1ei_firmware *
schneider-electric ime3122-1p_firmware *
schneider-electric d6230_firmware *
schneider-electric ime219-1s_firmware *
schneider-electric d6230l_firmware *
schneider-electric ime119-1vs_firmware *
schneider-electric imes19-1i_firmware *
schneider-electric ime3122-1vi_firmware *
schneider-electric ime319-1vs_firmware *
schneider-electric ixe21_firmware *
schneider-electric d6220_firmware *
schneider-electric ime3122-b1i_firmware *
schneider-electric ime119-1ep_firmware *
schneider-electric ime319-1i_firmware *
schneider-electric ime219-1i_firmware *
schneider-electric ime3122-1es_firmware *
schneider-electric ime119-1i_firmware *
schneider-electric ime119-1ei_firmware *
schneider-electric ime219-1p_firmware *
schneider-electric ime119-1p_firmware *
CVE-2018-7826 MEDIUM

A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
schneider-electric imes19-1s_firmware *
schneider-electric ime119-1s_firmware *
schneider-electric ime3122-1i_firmware *
schneider-electric ime3122-b1p_firmware *
schneider-electric imes19-1vi_firmware *
schneider-electric ime219-1es_firmware *
schneider-electric ime219-1vi_firmware *
schneider-electric ime319-1vp_firmware *
schneider-electric imes19-1vp_firmware *
schneider-electric ime319-1ep_firmware *
schneider-electric ime319-b1s_firmware *
schneider-electric ime119-1es_firmware *
schneider-electric ime3122-1ei_firmware *
schneider-electric ixe11_firmware *
schneider-electric ime319-1es_firmware *
schneider-electric ixe31_firmware *
schneider-electric imes19-1vs_firmware *
schneider-electric ime119-1vi_firmware *
schneider-electric ime319-b1p_firmware *
schneider-electric ime119-1vp_firmware *
schneider-electric ime3122-1vp_firmware *
schneider-electric imes19-1es_firmware *
schneider-electric ime319-1s_firmware *
schneider-electric ime3122-1vs_firmware *
schneider-electric d6220l_firmware *
schneider-electric ime219-1vs_firmware *
schneider-electric ime219-1vp_firmware *
schneider-electric ixes1_firmware *
schneider-electric imes19-1ep_firmware *
schneider-electric ime319-b1i_firmware *
schneider-electric ime3122-1s_firmware *
schneider-electric ime219-1ep_firmware *
schneider-electric ime319-1ei_firmware *
schneider-electric ime3122-b1s_firmware *
schneider-electric imes19-1p_firmware *
schneider-electric ime219-1ei_firmware *
schneider-electric ime319-1vi_firmware *
schneider-electric ime3122-1ep_firmware *
schneider-electric ime319-1p_firmware *
schneider-electric imes19-1ei_firmware *
schneider-electric ime3122-1p_firmware *
schneider-electric d6230_firmware *
schneider-electric ime219-1s_firmware *
schneider-electric d6230l_firmware *
schneider-electric ime119-1vs_firmware *
schneider-electric imes19-1i_firmware *
schneider-electric ime3122-1vi_firmware *
schneider-electric ime319-1vs_firmware *
schneider-electric ixe21_firmware *
schneider-electric d6220_firmware *
schneider-electric ime3122-b1i_firmware *
schneider-electric ime119-1ep_firmware *
schneider-electric ime319-1i_firmware *
schneider-electric ime219-1i_firmware *
schneider-electric ime3122-1es_firmware *
schneider-electric ime119-1i_firmware *
schneider-electric ime119-1ei_firmware *
schneider-electric ime219-1p_firmware *
schneider-electric ime119-1p_firmware *
CVE-2018-7827 LOW

A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric imes19-1s_firmware *
schneider-electric ime119-1s_firmware *
schneider-electric ime3122-1i_firmware *
schneider-electric ime3122-b1p_firmware *
schneider-electric imes19-1vi_firmware *
schneider-electric ime219-1es_firmware *
schneider-electric ime219-1vi_firmware *
schneider-electric ime319-1vp_firmware *
schneider-electric imes19-1vp_firmware *
schneider-electric ime319-1ep_firmware *
schneider-electric ime319-b1s_firmware *
schneider-electric ime119-1es_firmware *
schneider-electric ime3122-1ei_firmware *
schneider-electric ixe11_firmware *
schneider-electric ime319-1es_firmware *
schneider-electric ixe31_firmware *
schneider-electric imes19-1vs_firmware *
schneider-electric ime119-1vi_firmware *
schneider-electric ime319-b1p_firmware *
schneider-electric ime119-1vp_firmware *
schneider-electric ime3122-1vp_firmware *
schneider-electric imes19-1es_firmware *
schneider-electric ime319-1s_firmware *
schneider-electric ime3122-1vs_firmware *
schneider-electric d6220l_firmware *
schneider-electric ime219-1vs_firmware *
schneider-electric ime219-1vp_firmware *
schneider-electric ixes1_firmware *
schneider-electric imes19-1ep_firmware *
schneider-electric ime319-b1i_firmware *
schneider-electric ime3122-1s_firmware *
schneider-electric ime219-1ep_firmware *
schneider-electric ime319-1ei_firmware *
schneider-electric ime3122-b1s_firmware *
schneider-electric imes19-1p_firmware *
schneider-electric ime219-1ei_firmware *
schneider-electric ime319-1vi_firmware *
schneider-electric ime3122-1ep_firmware *
schneider-electric ime319-1p_firmware *
schneider-electric imes19-1ei_firmware *
schneider-electric ime3122-1p_firmware *
schneider-electric d6230_firmware *
schneider-electric ime219-1s_firmware *
schneider-electric d6230l_firmware *
schneider-electric ime119-1vs_firmware *
schneider-electric imes19-1i_firmware *
schneider-electric ime3122-1vi_firmware *
schneider-electric ime319-1vs_firmware *
schneider-electric ixe21_firmware *
schneider-electric d6220_firmware *
schneider-electric ime3122-b1i_firmware *
schneider-electric ime119-1ep_firmware *
schneider-electric ime319-1i_firmware *
schneider-electric ime219-1i_firmware *
schneider-electric ime3122-1es_firmware *
schneider-electric ime119-1i_firmware *
schneider-electric ime119-1ei_firmware *
schneider-electric ime219-1p_firmware *
schneider-electric ime119-1p_firmware *
CVE-2018-7828 MEDIUM

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric imes19-1s_firmware *
schneider-electric ime119-1s_firmware *
schneider-electric ime3122-1i_firmware *
schneider-electric ime3122-b1p_firmware *
schneider-electric imes19-1vi_firmware *
schneider-electric ime219-1es_firmware *
schneider-electric ime219-1vi_firmware *
schneider-electric ime319-1vp_firmware *
schneider-electric imes19-1vp_firmware *
schneider-electric ime319-1ep_firmware *
schneider-electric ime319-b1s_firmware *
schneider-electric ime119-1es_firmware *
schneider-electric ime3122-1ei_firmware *
schneider-electric ixe11_firmware *
schneider-electric ime319-1es_firmware *
schneider-electric ixe31_firmware *
schneider-electric imes19-1vs_firmware *
schneider-electric ime119-1vi_firmware *
schneider-electric ime319-b1p_firmware *
schneider-electric ime119-1vp_firmware *
schneider-electric ime3122-1vp_firmware *
schneider-electric imes19-1es_firmware *
schneider-electric ime319-1s_firmware *
schneider-electric ime3122-1vs_firmware *
schneider-electric d6220l_firmware *
schneider-electric ime219-1vs_firmware *
schneider-electric ime219-1vp_firmware *
schneider-electric ixes1_firmware *
schneider-electric imes19-1ep_firmware *
schneider-electric ime319-b1i_firmware *
schneider-electric ime3122-1s_firmware *
schneider-electric ime219-1ep_firmware *
schneider-electric ime319-1ei_firmware *
schneider-electric ime3122-b1s_firmware *
schneider-electric imes19-1p_firmware *
schneider-electric ime219-1ei_firmware *
schneider-electric ime319-1vi_firmware *
schneider-electric ime3122-1ep_firmware *
schneider-electric ime319-1p_firmware *
schneider-electric imes19-1ei_firmware *
schneider-electric ime3122-1p_firmware *
schneider-electric d6230_firmware *
schneider-electric ime219-1s_firmware *
schneider-electric d6230l_firmware *
schneider-electric ime119-1vs_firmware *
schneider-electric imes19-1i_firmware *
schneider-electric ime3122-1vi_firmware *
schneider-electric ime319-1vs_firmware *
schneider-electric ixe21_firmware *
schneider-electric d6220_firmware *
schneider-electric ime3122-b1i_firmware *
schneider-electric ime119-1ep_firmware *
schneider-electric ime319-1i_firmware *
schneider-electric ime219-1i_firmware *
schneider-electric ime3122-1es_firmware *
schneider-electric ime119-1i_firmware *
schneider-electric ime119-1ei_firmware *
schneider-electric ime219-1p_firmware *
schneider-electric ime119-1p_firmware *
CVE-2018-7829 HIGH

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-943,

Products Affected

Vendor Product Version
schneider-electric imes19-1s_firmware *
schneider-electric ime119-1s_firmware *
schneider-electric ime3122-1i_firmware *
schneider-electric ime3122-b1p_firmware *
schneider-electric imes19-1vi_firmware *
schneider-electric ime219-1es_firmware *
schneider-electric ime219-1vi_firmware *
schneider-electric ime319-1vp_firmware *
schneider-electric imes19-1vp_firmware *
schneider-electric ime319-1ep_firmware *
schneider-electric ime319-b1s_firmware *
schneider-electric ime119-1es_firmware *
schneider-electric ime3122-1ei_firmware *
schneider-electric ixe11_firmware *
schneider-electric ime319-1es_firmware *
schneider-electric ixe31_firmware *
schneider-electric imes19-1vs_firmware *
schneider-electric ime119-1vi_firmware *
schneider-electric ime319-b1p_firmware *
schneider-electric ime119-1vp_firmware *
schneider-electric ime3122-1vp_firmware *
schneider-electric imes19-1es_firmware *
schneider-electric ime319-1s_firmware *
schneider-electric ime3122-1vs_firmware *
schneider-electric d6220l_firmware *
schneider-electric ime219-1vs_firmware *
schneider-electric ime219-1vp_firmware *
schneider-electric ixes1_firmware *
schneider-electric imes19-1ep_firmware *
schneider-electric ime319-b1i_firmware *
schneider-electric ime3122-1s_firmware *
schneider-electric ime219-1ep_firmware *
schneider-electric ime319-1ei_firmware *
schneider-electric ime3122-b1s_firmware *
schneider-electric imes19-1p_firmware *
schneider-electric ime219-1ei_firmware *
schneider-electric ime319-1vi_firmware *
schneider-electric ime3122-1ep_firmware *
schneider-electric ime319-1p_firmware *
schneider-electric imes19-1ei_firmware *
schneider-electric ime3122-1p_firmware *
schneider-electric d6230_firmware *
schneider-electric ime219-1s_firmware *
schneider-electric d6230l_firmware *
schneider-electric ime119-1vs_firmware *
schneider-electric imes19-1i_firmware *
schneider-electric ime3122-1vi_firmware *
schneider-electric ime319-1vs_firmware *
schneider-electric ixe21_firmware *
schneider-electric d6220_firmware *
schneider-electric ime3122-b1i_firmware *
schneider-electric ime119-1ep_firmware *
schneider-electric ime319-1i_firmware *
schneider-electric ime219-1i_firmware *
schneider-electric ime3122-1es_firmware *
schneider-electric ime119-1i_firmware *
schneider-electric ime119-1ei_firmware *
schneider-electric ime219-1p_firmware *
schneider-electric ime119-1p_firmware *
CVE-2018-7830 MEDIUM

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-113,

Products Affected

Vendor Product Version
schneider-electric modicom_premium_firmware *
schneider-electric modicom_quantum_firmware *
schneider-electric modicom_m340_firmware *
schneider-electric modicom_bmxnor0200h_firmware *
CVE-2018-7831 MEDIUM

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-352,

Products Affected

Vendor Product Version
schneider-electric modicom_premium_firmware *
schneider-electric modicom_quantum_firmware *
schneider-electric modicom_m340_firmware *
schneider-electric modicom_bmxnor0200h_firmware *
CVE-2018-7832 MEDIUM

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric pro-face_gp-pro_ex *
CVE-2018-7833 MEDIUM

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicom_premium_firmware *
schneider-electric modicom_quantum_firmware *
schneider-electric modicom_m340_firmware *
schneider-electric modicom_bmxnor0200h_firmware *
CVE-2018-7834 MEDIUM

A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
schneider-electric tsxetg100_firmware *
CVE-2018-7835 HIGH

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric iiot_monior 3.1.38
CVE-2018-7836 HIGH

An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
schneider-electric iiot_monitor 3.1.38
CVE-2018-7837 MEDIUM

An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
schneider-electric iiot_monior 3.1.38
CVE-2018-7838 HIGH

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric bmeh582040_firmware *
schneider-electric bmeh586040_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric bmenoc0301_firmware *
CVE-2018-7839 LOW

A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3.1.38 which could allow information disclosure.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
schneider-electric iiot_monitor 3.1.38
CVE-2018-7841 HIGH

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
schneider-electric u.motion_builder 1.3.4
CVE-2018-7842 HIGH

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-290,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7843 MEDIUM

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7844 MEDIUM

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7845 MEDIUM

A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7846 MEDIUM

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7847 HIGH

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7848 MEDIUM

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7849 MEDIUM

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7850 MEDIUM

A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7851 MEDIUM

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric bmx/e_cra_firmware *
schneider-electric m340_firmware *
schneider-electric m580_firmware *
schneider-electric 140cra312xxx_firmware *
CVE-2018-7852 MEDIUM

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7853 MEDIUM

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware -
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_quantum_firmware -
CVE-2018-7854 MEDIUM

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-7855 MEDIUM

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware -
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_quantum_firmware -
CVE-2018-7856 MEDIUM

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware -
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_quantum_firmware -
CVE-2018-7857 MEDIUM

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2018-8872 HIGH

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
schneider-electric triconex_tricon_mp_3008_firmware *
CVE-2019-10953 MEDIUM

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
abb pm554-tp-eth_firmware -
siemens 6ed1052-1cc01-0ba8_firmware -
wago pfc100_firmware -
phoenixcontact ilc_151_eth_firmware -
siemens 6es7211-1ae40-0xb0_firmware -
wago bacnet/ip_firmware -
siemens 6es7314-6eh04-0ab0_firmware -
wago knx_ip_firmware -
wago ethernet_firmware -
CVE-2019-10981 LOW

In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulnerability has been identified that may allow an authenticated local user access to Citect user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
schneider-electric scada_expert_vijeo_citect 7.30
schneider-electric scada_expert_vijeo_citect 7.40
schneider-electric citectscada 7.30
schneider-electric citectscada 7.40
CVE-2019-6806 MEDIUM

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware -
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_quantum_firmware -
CVE-2019-6807 MEDIUM

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2019-6808 HIGH

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2019-6809 HIGH

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-248,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2019-6810 MEDIUM

CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric bmxnor0200h_firmware *
CVE-2019-6811 MEDIUM

An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_140noe77101_firmware *
schneider-electric modicon_quantum_140noe77111_firmware *
CVE-2019-6812 MEDIUM

A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
schneider-electric bmx-nor-0200h_firmware 1.7
CVE-2019-6813 HIGH

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric bmxnor0200h_firmware -
schneider-electric modicon_m340_firmware *
CVE-2019-6814 HIGH

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
schneider-electric net5508_firmware *
schneider-electric net5501_firmware *
schneider-electric net5500_firmware *
schneider-electric net5501-xt_firmware *
schneider-electric net5501-i_firmware *
schneider-electric net5504_firmware *
schneider-electric net5516_firmware *
CVE-2019-6815 MEDIUM

In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_firmware *
CVE-2019-6816 MEDIUM

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_firmware *
CVE-2019-6819 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2019-6820 MEDIUM

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
schneider-electric modicon_m251_firmware *
schneider-electric modicon_m221_firmware *
schneider-electric modicon_m200_firmware *
schneider-electric atv_imc_drive_controller_firmware *
schneider-electric modicon_lmc058_firmware *
schneider-electric modicon_lmc078_firmware *
schneider-electric modicon_m258_firmware *
schneider-electric pacdrive_pro_firmware *
schneider-electric modicon_m100_firmware *
schneider-electric pacdrive_pro2_firmware *
schneider-electric modicon_m241_firmware *
schneider-electric pacdrive_eco_firmware *
CVE-2019-6821 MEDIUM

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2019-6822 MEDIUM

A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
schneider-electric zelio_soft_2 *
CVE-2019-6823 HIGH

A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
schneider-electric proclima *
CVE-2019-6824 HIGH

A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
schneider-electric proclima *
CVE-2019-6825 MEDIUM

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
schneider-electric proclima *
CVE-2019-6826 MEDIUM

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
schneider-electric somachine_hvac *
CVE-2019-6827 MEDIUM

A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2019-6828 HIGH

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-248,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_premium_firmware *
schneider-electric modicon_quantum_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2019-6829 HIGH

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-248,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
CVE-2019-6830 HIGH

A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-248,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware *
CVE-2019-6831 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric bmxnor0200h_firmware *
CVE-2019-6832 MEDIUM

A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
schneider-electric spacelynk_firmware *
schneider-electric wiser_for_knx_firmware *
CVE-2019-6833 MEDIUM

A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric hmigxu_firmware -
schneider-electric hmigtu_firmware -
schneider-electric xbtgt_firmware -
schneider-electric hmisto_firmware -
schneider-electric hmigto_firmware -
schneider-electric hmigxo_firmware -
schneider-electric hmiscu_firmware -
schneider-electric xbtgh_firmware -
schneider-electric hmistu_firmware -
CVE-2019-6834 HIGH

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
schneider-electric software_update *
CVE-2019-6835 LOW

A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
schneider-electric meg6501-0002_firmware *
schneider-electric meg6501-0001_firmware *
schneider-electric meg6260-0415_firmware *
schneider-electric meg6260-0410_firmware *
CVE-2019-6836 MEDIUM

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric meg6501-0002_firmware *
schneider-electric meg6501-0001_firmware *
schneider-electric meg6260-0415_firmware *
schneider-electric meg6260-0410_firmware *
CVE-2019-6837 MEDIUM

A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
schneider-electric meg6501-0002_firmware *
schneider-electric meg6501-0001_firmware *
schneider-electric meg6260-0415_firmware *
schneider-electric meg6260-0410_firmware *
CVE-2019-6838 MEDIUM

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric meg6501-0002_firmware *
schneider-electric meg6501-0001_firmware *
schneider-electric meg6260-0415_firmware *
schneider-electric meg6260-0410_firmware *
CVE-2019-6839 MEDIUM

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,CWE-434,

Products Affected

Vendor Product Version
schneider-electric meg6501-0002_firmware *
schneider-electric meg6501-0001_firmware *
schneider-electric meg6260-0415_firmware *
schneider-electric meg6260-0410_firmware *
CVE-2019-6840 HIGH

A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,CWE-134,

Products Affected

Vendor Product Version
schneider-electric meg6501-0002_firmware *
schneider-electric meg6501-0001_firmware *
schneider-electric meg6260-0415_firmware *
schneider-electric meg6260-0410_firmware *
CVE-2019-6841 MEDIUM

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_bmxcra_firmware *
schneider-electric modicon_140cra_firmware *
CVE-2019-6842 MEDIUM

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_bmxcra_firmware *
schneider-electric modicon_140cra_firmware *
CVE-2019-6843 MEDIUM

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_bmxcra_firmware *
schneider-electric modicon_140cra_firmware *
CVE-2019-6844 MEDIUM

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_bmxcra_firmware *
schneider-electric modicon_140cra_firmware *
CVE-2019-6845 MEDIUM

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
schneider-electric tsxmcpc002m_firmware *
schneider-electric tsxmrpc001m_firmware *
schneider-electric tsxmrpc007m_firmware *
schneider-electric tsxmcpc512k_firmware *
schneider-electric tsxmrpc002m_firmware *
schneider-electric tsxmfpp001m_firmware *
schneider-electric tsxmfp0128p2_firmware *
schneider-electric tsxmrpf004m_firmware *
schneider-electric tsxmfpp384k_firmware *
schneider-electric tsxmrpf008m_firmware *
schneider-electric tsxmrpp224k_firmware *
schneider-electric tsxmrpc01m7_firmware *
schneider-electric tsxmrpc448k_firmware *
schneider-electric tsxmrpp384k_firmware *
schneider-electric tsxmfpp224k_firmware *
schneider-electric tsxmrpc768k_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric tsxmfp064p2_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric tsxmrpc003m_firmware *
schneider-electric tsxmfpp004m_firmware *
schneider-electric tsxmfpp002m_firmware *
schneider-electric tsxmfpp512k_firmware *
CVE-2019-6846 MEDIUM

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_bmxcra_firmware *
schneider-electric modicon_140cra_firmware *
CVE-2019-6847 MEDIUM

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_bmxcra_firmware *
schneider-electric modicon_140cra_firmware *
CVE-2019-6848 MEDIUM

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware -
schneider-electric modicon_bmenoc_0311_firmware -
schneider-electric modicon_bmenoc_0321_firmware -
CVE-2019-6849 MEDIUM

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware -
schneider-electric modicon_bmenoc_0311_firmware -
schneider-electric modicon_bmenoc_0321_firmware -
CVE-2019-6850 MEDIUM

A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_firmware -
schneider-electric modicon_bmenoc_0311_firmware -
schneider-electric modicon_bmenoc_0321_firmware -
CVE-2019-6851 MEDIUM

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-538,CWE-200,

Products Affected

Vendor Product Version
schneider-electric tsxmcpc002m_firmware *
schneider-electric tsxmrpc001m_firmware *
schneider-electric tsxmrpc007m_firmware *
schneider-electric tsxmcpc512k_firmware *
schneider-electric tsxmrpc002m_firmware *
schneider-electric tsxmfpp001m_firmware *
schneider-electric tsxmfp0128p2_firmware *
schneider-electric tsxmrpf004m_firmware *
schneider-electric tsxmfpp384k_firmware *
schneider-electric tsxmrpf008m_firmware *
schneider-electric tsxmrpp224k_firmware *
schneider-electric tsxmrpc01m7_firmware *
schneider-electric tsxmrpc448k_firmware *
schneider-electric tsxmrpp384k_firmware *
schneider-electric tsxmfpp224k_firmware *
schneider-electric tsxmrpc768k_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric tsxmfp064p2_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric tsxmrpc003m_firmware *
schneider-electric tsxmfpp004m_firmware *
schneider-electric tsxmfpp002m_firmware *
schneider-electric tsxmfpp512k_firmware *
CVE-2019-6852 MEDIUM

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
schneider-electric bmx_noc_0401_firmware *
schneider-electric 140_noe_771x1_firmware *
schneider-electric 140_noc_77101_firmware *
schneider-electric bmx_noe_0100_firmware *
schneider-electric bmx_noe_0110_firmware *
schneider-electric tsx_ety_x103_firmware *
schneider-electric tsx_p57x_firmware *
schneider-electric 140_cpu6x_firmware *
schneider-electric 140_noc_78x00_firmware *
schneider-electric bmx_p34x_firmware *
CVE-2019-6853 MEDIUM

A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
schneider-electric andover_continuum_9900_firmware -
schneider-electric andover_continuum_bcx4040_firmware -
schneider-electric andover_continuum_9940_firmware -
schneider-electric andover_continuum_9200_firmware -
schneider-electric andover_continuum_5740_firmware -
schneider-electric andover_continuum_5720_firmware -
schneider-electric andover_continuum_9941_firmware -
schneider-electric andover_continuum_9680_firmware -
schneider-electric andover_continuum_9702_firmware -
schneider-electric andover_continuum_bcx9640_firmware -
schneider-electric andover_continuum_9924_firmware -
CVE-2019-6854 MEDIUM

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the file system of that operating system to exploit this vulnerability. Affected versions in current support includes ClearSCADA 2017 R3, ClearSCADA 2017 R2, and ClearSCADA 2017.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric clearscada 2017
CVE-2019-6855 HIGH

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric unity_pro *
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric ecostruxure_control_expert *
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric ecostruxure_control_expert 14.1
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2019-6856 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric tsxp57354m_firmware *
schneider-electric tsxp57554m_firmware *
schneider-electric tsxp57254m_firmware *
schneider-electric tsxp576634m_firmware *
schneider-electric tsxp575634m_firmware *
schneider-electric 140cpu67160s_firmware *
schneider-electric tsxp57204m_firmware *
schneider-electric 140cpu67261_firmware *
schneider-electric 140cpu67260_firmware *
schneider-electric tsxp571634m_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric 140cpu67861_firmware *
schneider-electric tsxp57454m_firmware *
schneider-electric tsxp57304m_firmware *
schneider-electric 140cpu65160_firmware *
schneider-electric tsxp57154m_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric 140cpu67160_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric 140cpu65160s_firmware *
schneider-electric tsxp573634m_firmware *
schneider-electric tsxh5724m_firmware *
schneider-electric tsxp574634m_firmware *
schneider-electric tsxp572634m_firmware *
schneider-electric tsxh5744m_firmware *
schneider-electric tsxp57104m_firmware *
schneider-electric 140cpu65860_firmware *
schneider-electric 140cpu67060_firmware *
schneider-electric 140cpu65260_firmware *
CVE-2019-6857 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric tsxp57354m_firmware *
schneider-electric tsxp57554m_firmware *
schneider-electric tsxp57254m_firmware *
schneider-electric tsxp576634m_firmware *
schneider-electric tsxp575634m_firmware *
schneider-electric 140cpu67160s_firmware *
schneider-electric tsxp57204m_firmware *
schneider-electric 140cpu67261_firmware *
schneider-electric 140cpu67260_firmware *
schneider-electric tsxp571634m_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric 140cpu67861_firmware *
schneider-electric tsxp57454m_firmware *
schneider-electric tsxp57304m_firmware *
schneider-electric 140cpu65160_firmware *
schneider-electric tsxp57154m_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric 140cpu67160_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric 140cpu65160s_firmware *
schneider-electric tsxp573634m_firmware *
schneider-electric tsxh5724m_firmware *
schneider-electric tsxp574634m_firmware *
schneider-electric tsxp572634m_firmware *
schneider-electric tsxh5744m_firmware *
schneider-electric tsxp57104m_firmware *
schneider-electric 140cpu65860_firmware *
schneider-electric 140cpu67060_firmware *
schneider-electric 140cpu65260_firmware *
CVE-2019-6858 MEDIUM

A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
schneider-electric msx_configurator *
CVE-2019-6859 MEDIUM

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
schneider-electric bmx_noc_0401_firmware *
schneider-electric 140_noe_771x1_firmware *
schneider-electric 140_noc_77101_firmware *
schneider-electric bmx_noe_0100_firmware *
schneider-electric bmx_noe_0110_firmware *
schneider-electric tsx_ety_x103_firmware *
schneider-electric tsx_p57x_firmware *
schneider-electric 140_cpu6x_firmware *
schneider-electric 140_noc_78x00_firmware *
schneider-electric bmx_p34x_firmware *
CVE-2020-10626 MEDIUM

In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_it_gateway *
fazecast jserialcomm *
schneider-electric ecostruxure_it_gateway 1.7.0.64
CVE-2020-25176 HIGH

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
schneider-electric pacis_gtw_firmware 6.1
schneider-electric pacis_gtw_firmware 5.2
schneider-electric pacis_gtw_firmware 6.3
rockwellautomation isagraf_free_runtime *
rockwellautomation micro820_firmware -
rockwellautomation isagraf_runtime *
schneider-electric epas_gtw_firmware 6.4
schneider-electric saitel_dr_firmware *
schneider-electric easergy_c5_firmware *
schneider-electric pacis_gtw_firmware 5.1
rockwellautomation micro870_firmware -
schneider-electric scd2200_firmware *
rockwellautomation aadvance_controller *
rockwellautomation micro810_firmware -
rockwellautomation micro850_firmware -
schneider-electric easergy_t300_firmware *
schneider-electric micom_c264_firmware *
rockwellautomation micro830_firmware -
xylem multismart_firmware *
schneider-electric saitel_dp_firmware *
CVE-2020-25178 HIGH

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
schneider-electric pacis_gtw_firmware 6.1
schneider-electric pacis_gtw_firmware 5.2
schneider-electric pacis_gtw_firmware 6.3
rockwellautomation isagraf_free_runtime *
rockwellautomation micro820_firmware -
rockwellautomation isagraf_runtime *
schneider-electric epas_gtw_firmware 6.4
schneider-electric saitel_dr_firmware *
schneider-electric easergy_c5_firmware *
schneider-electric pacis_gtw_firmware 5.1
rockwellautomation micro870_firmware -
schneider-electric scd2200_firmware *
rockwellautomation aadvance_controller *
rockwellautomation micro810_firmware -
rockwellautomation micro850_firmware -
schneider-electric easergy_t300_firmware *
schneider-electric micom_c264_firmware *
rockwellautomation micro830_firmware -
xylem multismart_firmware *
schneider-electric saitel_dp_firmware *
CVE-2020-25180 MEDIUM

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 1.6 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-798,

Products Affected

Vendor Product Version
schneider-electric pacis_gtw_firmware 6.1
schneider-electric pacis_gtw_firmware 5.2
schneider-electric pacis_gtw_firmware 6.3
rockwellautomation isagraf_free_runtime *
rockwellautomation micro820_firmware -
rockwellautomation isagraf_runtime *
schneider-electric epas_gtw_firmware 6.4
schneider-electric saitel_dr_firmware *
schneider-electric easergy_c5_firmware *
schneider-electric pacis_gtw_firmware 5.1
rockwellautomation micro870_firmware -
schneider-electric scd2200_firmware *
rockwellautomation aadvance_controller *
rockwellautomation micro810_firmware -
rockwellautomation micro850_firmware -
schneider-electric easergy_t300_firmware *
schneider-electric micom_c264_firmware *
rockwellautomation micro830_firmware -
xylem multismart_firmware *
schneider-electric saitel_dp_firmware *
CVE-2020-25182 MEDIUM

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
ics-cert@hq.dhs.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
schneider-electric pacis_gtw_firmware 6.1
schneider-electric pacis_gtw_firmware 5.2
schneider-electric pacis_gtw_firmware 6.3
rockwellautomation isagraf_free_runtime *
rockwellautomation micro820_firmware -
rockwellautomation isagraf_runtime *
schneider-electric epas_gtw_firmware 6.4
schneider-electric saitel_dr_firmware *
schneider-electric easergy_c5_firmware *
schneider-electric pacis_gtw_firmware 5.1
rockwellautomation micro870_firmware -
schneider-electric scd2200_firmware *
rockwellautomation aadvance_controller *
rockwellautomation micro810_firmware -
rockwellautomation micro850_firmware -
schneider-electric easergy_t300_firmware *
schneider-electric micom_c264_firmware *
rockwellautomation micro830_firmware -
xylem multismart_firmware *
schneider-electric saitel_dp_firmware *
CVE-2020-25184 LOW

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
schneider-electric pacis_gtw_firmware 6.1
schneider-electric pacis_gtw_firmware 5.2
schneider-electric pacis_gtw_firmware 6.3
rockwellautomation isagraf_free_runtime *
rockwellautomation micro820_firmware -
rockwellautomation isagraf_runtime *
schneider-electric epas_gtw_firmware 6.4
schneider-electric saitel_dr_firmware *
schneider-electric easergy_c5_firmware *
schneider-electric pacis_gtw_firmware 5.1
rockwellautomation micro870_firmware -
schneider-electric scd2200_firmware *
rockwellautomation aadvance_controller *
rockwellautomation micro810_firmware -
rockwellautomation micro850_firmware -
schneider-electric easergy_t300_firmware *
schneider-electric micom_c264_firmware *
rockwellautomation micro830_firmware -
xylem multismart_firmware *
schneider-electric saitel_dp_firmware *
CVE-2020-28209 MEDIUM

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service. By default, the Enterprise Server and Enterprise Central is always installed at a location requiring Administrator privileges so the vulnerability is only valid if the application has been installed on a non-secure location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,

Products Affected

Vendor Product Version
schneider-electric enterprise_server_installer *
CVE-2020-28210 MEDIUM

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_building_operation *
CVE-2020-28211 MEDIUM

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
CVE-2020-28212 HIGH

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
CVE-2020-28213 MEDIUM

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
CVE-2020-28214 LOW

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-760,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
CVE-2020-28215 HIGH

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-28216 MEDIUM

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-28217 MEDIUM

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to read network traffic over HTTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-28218 MEDIUM

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-28219 LOW

A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 *
schneider-electric ecostruxure_geo_scada_expert_2020 *
CVE-2020-28220 MEDIUM

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric somachine *
schneider-electric somachine_motion *
schneider-electric modicon_m258_firmware *
CVE-2020-28221 HIGH

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric pro-face_blue 3.1
schneider-electric ecostruxure_operator_terminal_expert 3.1
CVE-2020-7474 MEDIUM

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
schneider-electric pmepxm0100_prosoft_configurator *
CVE-2020-7475 HIGH

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,CWE-74,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric modicon_m580_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric unity_pro *
CVE-2020-7476 MEDIUM

A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
schneider-electric ulti_zigbee_installation_toolkit *
CVE-2020-7477 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric tsxp57554m_firmware *
schneider-electric tsxp57254m_firmware *
schneider-electric tsxp576634m_firmware *
schneider-electric tsxp575634m_firmware *
schneider-electric 140cpu67160s_firmware *
schneider-electric tsxp57204m_firmware *
schneider-electric 140cpu67261_firmware *
schneider-electric 140cpu67260_firmware *
schneider-electric tsxp571634m_firmware *
schneider-electric 140noe77101_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric 140cpu67861_firmware *
schneider-electric tsxp57454m_firmware *
schneider-electric tsxp57304m_firmware *
schneider-electric 140cpu65160_firmware *
schneider-electric tsxp57154m_firmware *
schneider-electric 140cpu67160_firmware *
schneider-electric 140cpu65160s_firmware *
schneider-electric tsxp573634m_firmware *
schneider-electric 140noe77111_firmware *
schneider-electric tsxh5724m_firmware *
schneider-electric tsxp574634m_firmware *
schneider-electric tsxp572634m_firmware *
schneider-electric tsxh5744m_firmware *
schneider-electric tsxp57104m_firmware *
schneider-electric 140cpu65860_firmware *
schneider-electric 140cpu67060_firmware *
schneider-electric 140cpu65260_firmware *
CVE-2020-7478 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7479 MEDIUM

A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7480 HIGH

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
schneider-electric andover_continuum_9940_firmware *
schneider-electric andover_continuum_bcx4040_firmware *
schneider-electric andover_continuum_9680_firmware *
schneider-electric andover_continuum_9941_firmware *
schneider-electric andover_continuum_9200_firmware *
schneider-electric andover_continuum_5720_firmware *
schneider-electric andover_continuum_5740_firmware *
schneider-electric andover_continuum_bcx9640_firmware *
schneider-electric andover_continuum_9924_firmware *
schneider-electric andover_continuum_9900_firmware *
schneider-electric andover_continuum_9702_firmware *
CVE-2020-7481 MEDIUM

A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
schneider-electric andover_continuum_9940_firmware *
schneider-electric andover_continuum_bcx4040_firmware *
schneider-electric andover_continuum_9680_firmware *
schneider-electric andover_continuum_9941_firmware *
schneider-electric andover_continuum_9200_firmware *
schneider-electric andover_continuum_5720_firmware *
schneider-electric andover_continuum_5740_firmware *
schneider-electric andover_continuum_bcx9640_firmware *
schneider-electric andover_continuum_9924_firmware *
schneider-electric andover_continuum_9900_firmware *
schneider-electric andover_continuum_9702_firmware *
CVE-2020-7482 MEDIUM

A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
schneider-electric andover_continuum_9940_firmware *
schneider-electric andover_continuum_bcx4040_firmware *
schneider-electric andover_continuum_9680_firmware *
schneider-electric andover_continuum_9941_firmware *
schneider-electric andover_continuum_9200_firmware *
schneider-electric andover_continuum_5720_firmware *
schneider-electric andover_continuum_5740_firmware *
schneider-electric andover_continuum_bcx9640_firmware *
schneider-electric andover_continuum_9924_firmware *
schneider-electric andover_continuum_9900_firmware *
schneider-electric andover_continuum_9702_firmware *
CVE-2020-7483 MEDIUM

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
schneider-electric tristation_1131 *
CVE-2020-7484 MEDIUM

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric tristation_1131 *
CVE-2020-7485 HIGH

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in TriStation version v4.9.1 and v4.10.1 released on May 30, 2013.1

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric tristation_1131 4.10.0
schneider-electric tristation_1131 *
schneider-electric tristation_1131 4.12.0
CVE-2020-7486 MEDIUM

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
schneider-electric tricon_tcm_4351a_firmware 10.4.x
schneider-electric tricon_tcm_4352_firmware 10.4.x
schneider-electric tricon_tcm_4351a_firmware 10.3.x
schneider-electric tricon_tcm_4352b_firmware 10.4.x
schneider-electric tricon_tcm_4352_firmware 10.3.x
schneider-electric tricon_tcm_4352b_firmware 10.3.x
schneider-electric tricon_tcm_4352a_firmware 10.3.x
schneider-electric tricon_tcm_4352a_firmware 10.4.x
schneider-electric tricon_tcm_4351b_firmware 10.3.x
schneider-electric tricon_tcm_4351_firmware 10.3.x
schneider-electric tricon_tcm_4351_firmware 10.4.x
schneider-electric tricon_tcm_4351b_firmware 10.4.x
CVE-2020-7487 HIGH

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,CWE-345,

Products Affected

Vendor Product Version
schneider-electric modicon_m251_firmware *
schneider-electric somachine *
schneider-electric somachine_motion *
schneider-electric modicon_m258_firmware *
schneider-electric modicon_m218_firmware *
schneider-electric ecostruxure_machine_expert *
schneider-electric modicon_m241_firmware *
CVE-2020-7488 MEDIUM

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
schneider-electric modicon_m251_firmware *
schneider-electric somachine *
schneider-electric somachine_motion *
schneider-electric modicon_m258_firmware *
schneider-electric modicon_m218_firmware *
schneider-electric ecostruxure_machine_expert *
schneider-electric modicon_m241_firmware *
CVE-2020-7489 HIGH

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,CWE-74,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware *
schneider-electric modicon_m200_firmware *
schneider-electric ecostruxure_machine_expert *
schneider-electric modicon_m100_firmware *
schneider-electric somachine_basic *
CVE-2020-7490 MEDIUM

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
schneider-electric vijeo_designer 6.9
schneider-electric vijeo_designer 1.1
schneider-electric vijeo_designer *
CVE-2020-7491 MEDIUM

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric tricon_tcm_4351a_firmware *
schneider-electric tricon_tcm_4351b_firmware *
schneider-electric tricon_tcm_4351_firmware *
schneider-electric tricon_tcm_4352b_firmware *
schneider-electric tricon_tcm_4352_firmware *
schneider-electric tricon_tcm_4352a_firmware *
schneider-electric tristation_1131_firmware *
CVE-2020-7492 MEDIUM

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,CWE-521,

Products Affected

Vendor Product Version
schneider-electric gp-pro_ex_firmware *
CVE-2020-7493 MEDIUM

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric ecostruxure_operator_terminal_expert 3.1
CVE-2020-7494 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric ecostruxure_operator_terminal_expert 3.1
CVE-2020-7495 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric ecostruxure_operator_terminal_expert 3.1
CVE-2020-7497 HIGH

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric ecostruxure_operator_terminal_expert 3.1
CVE-2020-7498 HIGH

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
schneider-electric os_loader *
schneider-electric unity_loader *
CVE-2020-7499 MEDIUM

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
schneider-electric mtn6501-0001_firmware *
schneider-electric mtn6501-0002_firmware *
schneider-electric mtn6260-0310_firmware *
schneider-electric mtn6260-0410_firmware *
schneider-electric mtn6260-0315_firmware *
schneider-electric mtn6260-0415_firmware *
CVE-2020-7500 HIGH

A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
schneider-electric mtn6501-0001_firmware *
schneider-electric mtn6501-0002_firmware *
schneider-electric mtn6260-0310_firmware *
schneider-electric mtn6260-0410_firmware *
schneider-electric mtn6260-0315_firmware *
schneider-electric mtn6260-0415_firmware *
CVE-2020-7501 MEDIUM

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
schneider-electric vijeo_designer 6.9
schneider-electric vijeo_designer 1.1
schneider-electric vijeo_designer *
CVE-2020-7502 MEDIUM

A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
schneider-electric modicon_m218_firmware *
CVE-2020-7503 MEDIUM

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7504 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7505 HIGH

A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-494,CWE-494,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7506 MEDIUM

A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7507 MEDIUM

A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7508 MEDIUM

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7509 MEDIUM

A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7510 MEDIUM

A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7511 MEDIUM

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7512 HIGH

A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1103,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7513 MEDIUM

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7514 MEDIUM

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for a device and gain full access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
schneider-electric easergy_builder *
CVE-2020-7515 LOW

A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
schneider-electric easergy_builder *
CVE-2020-7516 LOW

A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
schneider-electric easergy_builder *
CVE-2020-7517 LOW

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
schneider-electric easergy_builder *
CVE-2020-7518 MEDIUM

A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
schneider-electric easergy_builder *
CVE-2020-7519 MEDIUM

A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,CWE-521,

Products Affected

Vendor Product Version
schneider-electric easergy_builder *
CVE-2020-7520 MEDIUM

A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
schneider-electric software_update_utility *
CVE-2020-7521 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric apc_easy_ups_online_software *
CVE-2020-7522 HIGH

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric apc_easy_ups_online_software *
CVE-2020-7523 MEDIUM

Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
schneider-electric modbus_driver_suite *
schneider-electric modbus_serial_driver *
CVE-2020-7524 MEDIUM

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric modicon_m218_firmware *
CVE-2020-7525 MEDIUM

Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when brute force is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
schneider-electric spacelynk_firmware *
schneider-electric wiser_for_knx_firmware *
CVE-2020-7527 MEDIUM

Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
schneider-electric somove *
CVE-2020-7528 MEDIUM

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
schneider-electric scadapack_7x_remote_connect *
CVE-2020-7529 MEDIUM

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric scadapack_7x_remote_connect *
CVE-2020-7530 MEDIUM

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows improper access to executable code folders.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric scadapack_7x_remote_connect *
CVE-2020-7531 MEDIUM

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric scadapack_7x_remote_connect *
CVE-2020-7532 MEDIUM

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
schneider-electric scadapack_x70_security_administrator *
CVE-2020-7533 HIGH

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric tsxp575634_firmware *
schneider-electric 140noe77111_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140noc77101_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric 140noc78000_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric bmxnoc0401_firmware *
schneider-electric 140cpu65260_firmware *
CVE-2020-7534 MEDIUM

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
schneider-electric 140noe77111_firmware *
schneider-electric bmxnoe01_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric tsxp57_firmware *
schneider-electric 140noc78000_firmware *
schneider-electric bmxnor0200h_firmware *
schneider-electric bmxnoc0401_firmware *
schneider-electric 140cpu65_firmware *
CVE-2020-7535 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric tsxp575634_firmware *
schneider-electric 140noe77111_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric 140noe77101_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140cpu65160_firmware *
schneider-electric 140noc77101_firmware *
schneider-electric 140noc78100_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric 140noc78000_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2020-7536 HIGH

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric bmxnor0200h_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2020-7537 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric tsxp575634_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2020-7538 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
CVE-2020-7539 MEDIUM

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric tsxp575634_firmware *
schneider-electric 140noe77111_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140noc77101_firmware *
schneider-electric 140noc78100_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric 140noc78000_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric bmxnoc0401_firmware *
CVE-2020-7540 HIGH

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
schneider-electric bmxnor200h_firmware *
schneider-electric tsxp575634_firmware *
schneider-electric 140noe77111_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric 140noe77101_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140cpu65160_firmware *
schneider-electric 140noc77101_firmware *
schneider-electric 140noc78100_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric 140noc78000_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric bmxnoc0401_firmware *
CVE-2020-7541 MEDIUM

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-425,

Products Affected

Vendor Product Version
schneider-electric tsxp575634_firmware *
schneider-electric 140noe77111_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140noc77101_firmware *
schneider-electric 140noc78100_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric 140noc78000_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric bmxnoc0401_firmware *
CVE-2020-7542 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric tsxp575634_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2020-7543 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2020-7544 HIGH

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
schneider-electric operator_terminal_expert_runtime 3.1
schneider-electric operator_terminal_expert_runtime *
CVE-2020-7545 MEDIUM

A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert 7.0
schneider-electric power_manager 1.3
schneider-electric ecostruxure_power_monitoring_expert 9.0
schneider-electric ecostruxure_power_monitoring_expert 8.0
schneider-electric power_manager 1.2
schneider-electric ecostruxure_energy_expert 2.0
schneider-electric powerscada_expert_with_advanced_reporting_and_dashboards 8.0
schneider-electric power_manager 1.1
schneider-electric powerscada_operation_with_advanced_reporting_and_dashboards 9.0
CVE-2020-7546 LOW

A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert 7.0
schneider-electric power_manager 1.3
schneider-electric ecostruxure_power_monitoring_expert 9.0
schneider-electric ecostruxure_power_monitoring_expert 8.0
schneider-electric power_manager 1.2
schneider-electric ecostruxure_energy_expert 2.0
schneider-electric powerscada_expert_with_advanced_reporting_and_dashboards 8.0
schneider-electric power_manager 1.1
schneider-electric powerscada_operation_with_advanced_reporting_and_dashboards 9.0
CVE-2020-7547 MEDIUM

A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert 7.0
schneider-electric power_manager 1.3
schneider-electric ecostruxure_power_monitoring_expert 9.0
schneider-electric ecostruxure_power_monitoring_expert 8.0
schneider-electric power_manager 1.2
schneider-electric ecostruxure_energy_expert 2.0
schneider-electric powerscada_expert_with_advanced_reporting_and_dashboards 8.0
schneider-electric power_manager 1.1
schneider-electric powerscada_operation_with_advanced_reporting_and_dashboards 9.0
CVE-2020-7548 HIGH

A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,

Products Affected

Vendor Product Version
schneider-electric acti9_smartlink_si_b_firmware *
schneider-electric acti9_smartlink_si_d_firmware *
schneider-electric acti9_powertag_link_firmware *
schneider-electric acti9_smartlink_el_b_firmware *
schneider-electric wiser_link_firmware *
schneider-electric acti9_powertag_link_hd_firmware *
schneider-electric wiser_energy_firmware *
CVE-2020-7549 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric tsxp575634_firmware *
schneider-electric 140noe77111_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140noc78100_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric 140noc78000_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric bmxnoc0401_firmware *
CVE-2020-7550 MEDIUM

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7551 MEDIUM

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7552 MEDIUM

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7553 MEDIUM

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7554 MEDIUM

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7555 MEDIUM

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7556 MEDIUM

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7557 MEDIUM

A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7558 MEDIUM

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2020-7559 MEDIUM

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
CVE-2020-7560 MEDIUM

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-123,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric unity_pro *
CVE-2020-7561 HIGH

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,CWE-306,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2020-7562 MEDIUM

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_140cpu65160_firmware *
schneider-electric modicon_m340_bmx_nor_0200h_firmware *
schneider-electric modicon_m340_bmx_noe_0110h_firmware *
schneider-electric modicon_quantum_140cpu65150c_firmware *
schneider-electric modicon_m340_bmx_noe_0100h_firmware *
schneider-electric modicon_m340_bmx_noc_0401_firmware *
schneider-electric modicon_tsxety4103_firmware *
schneider-electric modicon_tsxety5103_firmware *
schneider-electric modicon_quantum_140cpu65160c_firmware *
schneider-electric modicon_tsxp576634_firmware *
schneider-electric modicon_m340_bmx_p34-2010_firmware *
schneider-electric modicon_quantum_140noe77101_firmware *
schneider-electric modicon_quantum_140noe77111_firmware *
schneider-electric modicon_m340_bmx_p34-2030_firmware *
schneider-electric modicon_m340_bmx_noe_0110_firmware *
schneider-electric modicon_tsxp575634_firmware *
schneider-electric modicon_m340_bmx_noe_0100_firmware *
schneider-electric modicon_quantum_140cpu65150_firmware *
schneider-electric modicon_quantum_140noc78100_firmware *
schneider-electric modicon_tsxp574634_firmware *
CVE-2020-7563 MEDIUM

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_140cpu65160_firmware *
schneider-electric modicon_m340_bmx_nor_0200h_firmware *
schneider-electric modicon_m340_bmx_noe_0110h_firmware *
schneider-electric modicon_quantum_140cpu65150c_firmware *
schneider-electric modicon_m340_bmx_noe_0100h_firmware *
schneider-electric modicon_m340_bmx_noc_0401_firmware *
schneider-electric modicon_tsxety4103_firmware *
schneider-electric modicon_tsxety5103_firmware *
schneider-electric modicon_quantum_140cpu65160c_firmware *
schneider-electric modicon_tsxp576634_firmware *
schneider-electric modicon_m340_bmx_p34-2010_firmware *
schneider-electric modicon_quantum_140noe77101_firmware *
schneider-electric modicon_quantum_140noe77111_firmware *
schneider-electric modicon_m340_bmx_p34-2030_firmware *
schneider-electric modicon_m340_bmx_noe_0110_firmware *
schneider-electric modicon_tsxp575634_firmware *
schneider-electric modicon_m340_bmx_noe_0100_firmware *
schneider-electric modicon_quantum_140cpu65150_firmware *
schneider-electric modicon_quantum_140noc78100_firmware *
schneider-electric modicon_tsxp574634_firmware *
CVE-2020-7564 MEDIUM

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
schneider-electric modicon_quantum_140cpu65160_firmware *
schneider-electric modicon_m340_bmx_nor_0200h_firmware *
schneider-electric modicon_m340_bmx_noe_0110h_firmware *
schneider-electric modicon_quantum_140cpu65150c_firmware *
schneider-electric modicon_m340_bmx_noe_0100h_firmware *
schneider-electric modicon_m340_bmx_noc_0401_firmware *
schneider-electric modicon_tsxety4103_firmware *
schneider-electric modicon_tsxety5103_firmware *
schneider-electric modicon_quantum_140cpu65160c_firmware *
schneider-electric modicon_tsxp576634_firmware *
schneider-electric modicon_m340_bmx_p34-2010_firmware *
schneider-electric modicon_quantum_140noe77101_firmware *
schneider-electric modicon_quantum_140noe77111_firmware *
schneider-electric modicon_m340_bmx_p34-2030_firmware *
schneider-electric modicon_m340_bmx_noe_0110_firmware *
schneider-electric modicon_tsxp575634_firmware *
schneider-electric modicon_m340_bmx_noe_0100_firmware *
schneider-electric modicon_quantum_140cpu65150_firmware *
schneider-electric modicon_quantum_140noc78100_firmware *
schneider-electric modicon_tsxp574634_firmware *
CVE-2020-7565 MEDIUM

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.1 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware -
CVE-2020-7566 MEDIUM

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.1 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-334,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware -
CVE-2020-7567 LOW

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-311,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware -
CVE-2020-7568 LOW

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric modicon_m221_firmware -
CVE-2020-7569 MEDIUM

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
schneider-electric webreports *
CVE-2020-7570 LOW

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric webreports *
CVE-2020-7571 LOW

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric webreports *
CVE-2020-7572 MEDIUM

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
schneider-electric webreports *
CVE-2020-7573 MEDIUM

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
schneider-electric webreports *
CVE-2021-22697 MEDIUM

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_build_-_rapsody *
CVE-2021-22698 MEDIUM

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_build_-_rapsody *
CVE-2021-22699 HIGH

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric modicon_m251_firmware *
schneider-electric modicon_m241_firmware *
CVE-2021-22701 LOW

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm8000_firmware *
schneider-electric powerlogic_ion8800_firmware *
schneider-electric powerlogic_ion8650_firmware *
schneider-electric powerlogic_ion8300_firmware *
schneider-electric powerlogic_ion9000_firmware *
schneider-electric powerlogic_ion7650_firmware *
schneider-electric powerlogic_ion8400_firmware *
schneider-electric powerlogic_ion8600_firmware *
schneider-electric powerlogic_ion8500_firmware *
schneider-electric powerlogic_ion7400_firmware *
CVE-2021-22702 MEDIUM

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm8000_firmware *
schneider-electric powerlogic_ion8800_firmware *
schneider-electric powerlogic_ion7300_firmware *
schneider-electric powerlogic_ion9000_firmware *
schneider-electric powerlogic_ion7650_firmware *
schneider-electric powerlogic_ion8400_firmware *
schneider-electric powerlogic_ion8600_firmware *
schneider-electric powerlogic_ion8500_firmware *
schneider-electric powerlogic_ion7400_firmware *
schneider-electric powerlogic_ion8650_firmware *
schneider-electric powerlogic_ion8300_firmware *
schneider-electric powerlogic_ion7700_firmware *
CVE-2021-22703 MEDIUM

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm8000_firmware *
schneider-electric powerlogic_ion8800_firmware *
schneider-electric powerlogic_ion8650_firmware *
schneider-electric powerlogic_ion8300_firmware *
schneider-electric powerlogic_ion9000_firmware *
schneider-electric powerlogic_ion7650_firmware *
schneider-electric powerlogic_ion8400_firmware *
schneider-electric powerlogic_ion8600_firmware *
schneider-electric powerlogic_ion8500_firmware *
schneider-electric powerlogic_ion7400_firmware *
CVE-2021-22704 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_machine_expert *
schneider-electric ecostruxure_machine_expert 2.0
schneider-electric vijeo_designer *
CVE-2021-22705 MEDIUM

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_machine_expert *
schneider-electric vijeo_designer *
CVE-2021-22706 MEDIUM

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22707 HIGH

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22708 MEDIUM

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to craft a malicious firmware package and bypass the signature verification mechanism.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22709 HIGH

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22710 HIGH

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22711 HIGH

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to missing validation of input data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22712 HIGH

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF (Configuration Group File) file is imported to IGSS Definition due to an unchecked pointer address.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22713 HIGH

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric powerlogic_ion8800_firmware *
schneider-electric powerlogic_ion7300_firmware *
schneider-electric powerlogic_ion8650_firmware *
schneider-electric powerlogic_ion8300_firmware *
schneider-electric powerlogic_ion7650_firmware *
schneider-electric powerlogic_ion8400_firmware *
schneider-electric powerlogic_ion8600_firmware *
schneider-electric powerlogic_ion7700_firmware *
schneider-electric powerlogic_ion8500_firmware *
schneider-electric powerlogic_ion7550_firmware *
schneider-electric ion7650_firmware *
CVE-2021-22714 HIGH

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm8000_firmware *
schneider-electric powerlogic_ion9000_firmware *
schneider-electric powerlogic_ion7400_firmware *
CVE-2021-22716 MEDIUM

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit (V1.15.9 and prior)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
schneider-electric c-bus_toolkit *
CVE-2021-22717 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric c-bus_toolkit *
CVE-2021-22718 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric c-bus_toolkit *
CVE-2021-22719 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric c-bus_toolkit *
CVE-2021-22720 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric c-bus_toolkit *
CVE-2021-22721 MEDIUM

A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to get limited knowledge of javascript code when crafted malicious parameters are submitted to the charging station web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22722 LOW

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause code injection when importing a CSV file or changing station parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22723 MEDIUM

A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22724 MEDIUM

A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric evp2pe_firmware *
schneider-electric evc1s22p4_firmware *
schneider-electric evw2_firmware *
schneider-electric evb1a_firmware *
schneider-electric evf2_firmware *
schneider-electric evc1s7p4_firmware *
CVE-2021-22725 MEDIUM

A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric evp2pe_firmware *
schneider-electric evc1s22p4_firmware *
schneider-electric evw2_firmware *
schneider-electric evb1a_firmware *
schneider-electric evf2_firmware *
schneider-electric evc1s7p4_firmware *
CVE-2021-22726 MEDIUM

A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to perform unintended actions or access to data when crafted malicious parameters are submitted to the charging station web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22727 HIGH

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-331,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22728 MEDIUM

A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause disclosure of encrypted credentials when consulting the maintenance report.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22729 HIGH

A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized administrative privileges when accessing to the charging station web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-259,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22730 HIGH

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could an attacker to gain unauthorized administrative privileges when accessing to the charging station web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22731 HIGH

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-640,

Products Affected

Vendor Product Version
schneider-electric mcsesp083f23g0t_firmware *
schneider-electric mcsesm053f1cs0_firmware *
schneider-electric mcsesm083f23f0h_firmware *
schneider-electric mcsesm043f23f0_firmware *
schneider-electric mcsesp083f23g0_firmware *
schneider-electric mcsesm053f1cu0_firmware *
schneider-electric mcsesm063f2cu0_firmware *
schneider-electric mcsesm063f2cs0_firmware *
schneider-electric mcsesm103f2cu0_firmware *
schneider-electric mcsesm103f2cs0h_firmware *
schneider-electric mcsesm103f2cu0h_firmware *
schneider-electric mcsesm083f23f0_firmware *
schneider-electric mcsesm123f2lg0_firmware *
schneider-electric mcsesm093f1cs0_firmware *
schneider-electric mcsesm103f2cs0_firmware *
schneider-electric mcsesm093f1cu0_firmware *
CVE-2021-22732 MEDIUM

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22733 MEDIUM

Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22734 MEDIUM

Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22735 MEDIUM

Improper Verification of Cryptographic Signature vulnerability exists inhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could allow remote code execution when unauthorized code is copied to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22736 MEDIUM

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22737 MEDIUM

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22738 MEDIUM

Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access when credentials are discovered after a brute force attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22739 MEDIUM

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22740 MEDIUM

Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric homelynk_firmware *
schneider-electric spacelynk_firmware *
CVE-2021-22741 MEDIUM

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-916,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 *
schneider-electric clearscada *
schneider-electric ecostruxure_geo_scada_expert_2020 *
CVE-2021-22742 LOW

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric triconex_model_3009_mp_firmware *
schneider-electric tcm_4351b_firmware *
schneider-electric tcm_4351b_firmware 11.7.0
CVE-2021-22743 LOW

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric triconex_model_3009_mp_firmware *
schneider-electric tcm_4351b_firmware *
schneider-electric tcm_4351b_firmware 11.7.0
CVE-2021-22744 LOW

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22745, CVE-2021-22746, and CVE-2021-22747.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric triconex_model_3009_mp_firmware *
schneider-electric tcm_4351b_firmware *
schneider-electric tcm_4351b_firmware 11.7.0
CVE-2021-22745 LOW

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22746, and CVE-2021-22747.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric triconex_model_3009_mp_firmware *
schneider-electric tcm_4351b_firmware *
schneider-electric tcm_4351b_firmware 11.7.0
CVE-2021-22746 LOW

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22747.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric triconex_model_3009_mp_firmware *
schneider-electric tcm_4351b_firmware *
schneider-electric tcm_4351b_firmware 11.7.0
CVE-2021-22747 LOW

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric triconex_model_3009_mp_firmware *
schneider-electric tcm_4351b_firmware *
schneider-electric tcm_4351b_firmware 11.7.0
CVE-2021-22748 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric c-bus_toolkit *
CVE-2021-22749 MEDIUM

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric modicon_x80_bmxnor0200h_rtu_firmware sv1.6
schneider-electric modicon_x80_bmxnor0200h_rtu_firmware sv1.7
CVE-2021-22750 MEDIUM

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22751 MEDIUM

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22752 MEDIUM

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22753 MEDIUM

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22754 MEDIUM

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22755 MEDIUM

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22756 MEDIUM

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22757 MEDIUM

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22758 MEDIUM

A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-824,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22759 MEDIUM

A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22760 MEDIUM

A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-763,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22761 MEDIUM

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code e+F15xecution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22762 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2021-22763 HIGH

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow an attacker administrator level access to a device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-640,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm5563_firmware *
schneider-electric powerlogic_pm8ecc_firmware *
schneider-electric powerlogic_pm5562_firmware *
schneider-electric powerlogic_pm5560_firmware *
schneider-electric powerlogic_pm5561_firmware *
CVE-2021-22764 MEDIUM

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm5563_firmware *
schneider-electric powerlogic_pm5562_firmware *
schneider-electric powerlogic_pm5560_firmware *
schneider-electric powerlogic_pm5561_firmware *
CVE-2021-22765 HIGH

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
schneider-electric powerlogic_egx300_firmware *
schneider-electric powerlogic_egx100_firmware *
CVE-2021-22766 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric powerlogic_egx300_firmware *
schneider-electric powerlogic_egx100_firmware *
CVE-2021-22767 HIGH

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric powerlogic_egx300_firmware *
schneider-electric powerlogic_egx100_firmware *
CVE-2021-22768 HIGH

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric powerlogic_egx300_firmware *
schneider-electric powerlogic_egx100_firmware *
CVE-2021-22769 MEDIUM

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-552,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2021-22770 MEDIUM

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2021-22771 MEDIUM

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,

Products Affected

Vendor Product Version
schneider-electric easergy_t300_firmware *
CVE-2021-22772 HIGH

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
schneider-electric t200e_firmware *
schneider-electric t200i_firmware *
schneider-electric t200p_firmware *
CVE-2021-22773 MEDIUM

A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker connected to the charging station web server to modify the password of a user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-620,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22774 MEDIUM

A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could lead an attacker to get knowledge of charging station user account credentials using dictionary attacks techniques.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-916,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
schneider-electric evlink_parking_ev.2_firmware *
CVE-2021-22775 MEDIUM

A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, that could cause local code execution with elevated privileges when installing the software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
schneider-electric gp-pro_ex *
CVE-2021-22777 MEDIUM

A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
schneider-electric sosafe_configurable *
CVE-2021-22778 LOW

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
schneider-electric ecostruxure_control_expert *
schneider-electric remoteconnect *
schneider-electric ecostruxure_control_expert 15.0
CVE-2021-22779 MEDIUM

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric remoteconnect *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric ecostruxure_control_expert 15.0
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric ecostruxure_control_expert *
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric ecostruxure_process_expert *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep584040s_firmware *
CVE-2021-22780 LOW

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause unauthorized access to a project file protected by a password when this file is shared with untrusted sources. An attacker may bypass the password protection and be able to view and modify a project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
schneider-electric ecostruxure_control_expert *
schneider-electric remoteconnect *
schneider-electric ecostruxure_control_expert 15.0
CVE-2021-22781 LOW

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause a leak of SMTP credential used for mailbox authentication when an attacker can access a project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
schneider-electric ecostruxure_control_expert *
schneider-electric remoteconnect *
schneider-electric ecostruxure_control_expert 15.0
CVE-2021-22782 LOW

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-311,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
schneider-electric ecostruxure_control_expert *
schneider-electric remoteconnect *
schneider-electric ecostruxure_control_expert 15.0
CVE-2021-22783 MEDIUM

A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door. Affected Product: Ritto Wiser Door (All versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.8 4.7
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
schneider-electric ritto_wiser_door *
CVE-2021-22784 LOW

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,

Products Affected

Vendor Product Version
schneider-electric c-bus_toolkit *
CVE-2021-22785 MEDIUM

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
schneider-electric 140noc78x00_firmware *
schneider-electric tsxp575634_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric bmxnor0200h_rtu_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140noe771x1_firmware *
schneider-electric 140noc77101_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric bmxnoc0401_firmware *
CVE-2021-22786

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_mc80_bmkc8030311_firmware *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_momentum_171cbu98091_firmware *
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric modicon_mc80_bmkc8020310_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_momentum_171cbu78090_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_momentum_171cbu98090_firmware *
schneider-electric modicon_mc80_bmkc8020301_firmware *
schneider-electric modicon_m340_bmxp342020h_firmware *
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2021-22787 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
schneider-electric 140noc78x00_firmware *
schneider-electric tsxp575634_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric bmxnor0200h_rtu_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140noe771x1_firmware *
schneider-electric 140noc77101_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric bmxnoc0401_firmware *
CVE-2021-22788 MEDIUM

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
schneider-electric 140noc78x00_firmware *
schneider-electric tsxp575634_firmware *
schneider-electric tsxety4103_firmware *
schneider-electric bmxnoe0100_firmware *
schneider-electric 140cpu65150_firmware *
schneider-electric bmxnor0200h_rtu_firmware *
schneider-electric tsxp574634_firmware *
schneider-electric tsxp576634_firmware *
schneider-electric 140noe771x1_firmware *
schneider-electric 140noc77101_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric bmxnoe0110_firmware *
schneider-electric tsxety5103_firmware *
schneider-electric bmxnoc0401_firmware *
CVE-2021-22789 MEDIUM

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric plc_simulator_for_ecostruxure_process_expert -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric plc_simulator_for_ecostruxure_control_expert -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_premium_tsxp57_4634m -
CVE-2021-22790 MEDIUM

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric plc_simulator_for_ecostruxure_process_expert -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric plc_simulator_for_ecostruxure_control_expert -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_premium_tsxp57_4634m -
CVE-2021-22791 MEDIUM

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric plc_simulator_for_ecostruxure_process_expert -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric plc_simulator_for_ecostruxure_control_expert -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_premium_tsxp57_4634m -
CVE-2021-22792 MEDIUM

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmeh582040s -
schneider-electric modicon_m580_bmep586040 -
schneider-electric modicon_premium_tsxp57_2834m -
schneider-electric modicon_m580_bmep582040s -
schneider-electric modicon_momentum_171cbu98090 -
schneider-electric modicon_m580_bmeh584040c -
schneider-electric modicon_m580_bmeh586040c -
schneider-electric modicon_quantum_140cpu65150c -
schneider-electric modicon_premium_tsxp57_454m -
schneider-electric plc_simulator_for_ecostruxure_process_expert -
schneider-electric modicon_m580_bmep581020h -
schneider-electric modicon_quantum_140cpu65160 -
schneider-electric modicon_m580_bmeh584040 -
schneider-electric modicon_m580_bmep581020 -
schneider-electric modicon_m340_bmxp342030 -
schneider-electric modicon_m580_bmep584040 -
schneider-electric modicon_m580_bmep583020 -
schneider-electric modicon_m580_bmep585040 -
schneider-electric modicon_premium_tsxp57_554m -
schneider-electric modicon_m580_bmep582020h -
schneider-electric modicon_m340_bmxp342020 -
schneider-electric modicon_mc80_bmkc8020310 -
schneider-electric modicon_m580_bmep584020 -
schneider-electric modicon_m580_bmeh582040 -
schneider-electric modicon_m580_bmeh586040 -
schneider-electric modicon_quantum_140cpu65160c -
schneider-electric modicon_momentum_171cbu98091 -
schneider-electric modicon_m580_bmep582040 -
schneider-electric modicon_m580_bmeh586040s -
schneider-electric plc_simulator_for_ecostruxure_control_expert -
schneider-electric modicon_m580_bmep582040h -
schneider-electric modicon_m580_bmep586040c -
schneider-electric modicon_m580_bmep585040c -
schneider-electric modicon_m580_bmep584040s -
schneider-electric modicon_m580_bmeh584040s -
schneider-electric modicon_premium_tsxp57_5634m -
schneider-electric modicon_m580_bmep582020 -
schneider-electric modicon_mc80_bmkc8020301 -
schneider-electric modicon_premium_tsxp57_1634m -
schneider-electric modicon_premium_tsxp57_6634m -
schneider-electric modicon_m340_bmxp341000 -
schneider-electric modicon_m580_bmeh582040c -
schneider-electric modicon_momentum_171cbu78090 -
schneider-electric modicon_m580_bmep583040 -
schneider-electric modicon_m340_bmxp342010 -
schneider-electric modicon_premium_tsxp57_2634m -
schneider-electric modicon_mc80_bmkc8030311 -
schneider-electric modicon_quantum_140cpu65150 -
schneider-electric modicon_premium_tsxp57_4634m -
CVE-2021-22793 MEDIUM

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric accusine_pcsp_pfvp_firmware *
schneider-electric accusine_pcsn_active_harmonic_filter_firmware *
CVE-2021-22794 HIGH

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@se.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2021-22795 HIGH

A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2021-22796 MEDIUM

A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric c-gate_server *
CVE-2021-22797 HIGH

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior, including former Unity Pro), EcoStruxure Process Expert (2020 and prior, including former HDCS), SCADAPack RemoteConnect for x70 (All versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
schneider-electric ecostruxure_control_expert *
schneider-electric remoteconnect -
CVE-2021-22798 MEDIUM

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox (All Versions)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
schneider-electric conext_combox_firmware *
CVE-2021-22799 LOW

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-331,

Products Affected

Vendor Product Version
schneider-electric software_update *
CVE-2021-22800 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric modicon_m218_firmware *
CVE-2021-22801 HIGH

A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
schneider-electric connexium_network_manager *
CVE-2021-22802 HIGH

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_collector *
CVE-2021-22803 HIGH

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_collector *
CVE-2021-22804 MEDIUM

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_collector *
CVE-2021-22805 MEDIUM

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_collector *
CVE-2021-22806 MEDIUM

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-669,

Products Affected

Vendor Product Version
schneider-electric fellerlynk_firmware *
schneider-electric spacelynk_firmware *
schneider-electric wiser_for_knx_firmware *
CVE-2021-22807 MEDIUM

A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric guicon *
CVE-2021-22808 MEDIUM

A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
schneider-electric guicon *
CVE-2021-22809 MEDIUM

A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric guicon *
CVE-2021-22810 MEDIUM

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric network_management_card_2_firmware *
schneider-electric network_management_card_3_firmware *
CVE-2021-22811 MEDIUM

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric network_management_card_2_firmware *
schneider-electric network_management_card_3_firmware *
CVE-2021-22812 MEDIUM

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric network_management_card_2_firmware *
schneider-electric network_management_card_3_firmware *
CVE-2021-22813 MEDIUM

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric network_management_card_2_firmware *
schneider-electric network_management_card_3_firmware *
CVE-2021-22814 MEDIUM

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric network_management_card_2_firmware *
schneider-electric network_management_card_3_firmware *
CVE-2021-22815 MEDIUM

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.8 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635J (NMC2 AOS V6.9.6 and earlier), 3-Phase Uninterruptible Power Supply (UPS) using NMC2 including Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU): AP9630/AP9630CH/AP9630J, AP9631/AP9631CH/AP9631J, AP9635/AP9635CH (NMC2 AOS V6.9.6 and earlier), 1-Phase Uninterruptible Power Supply (UPS) using NMC3 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3): AP9640/AP9640J, AP9641/AP9641J, AP9643/AP9643J (NMC3 AOS V1.4.2.1 and earlier), APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2: AP84XX, AP86XX, AP88XX, AP89XX (NMC2 AOS V6.9.6 and earlier), APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3: APDU99xx (NMC3 AOS V1.4.0 and earlier), APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP: GRPPIP2X84 (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P): PDPB150G6F (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) PD40G6FK1-M, PD40F6FK1-M, PD40L6FK1-M, PDRPPNX10 M,PD60G6FK1, PD60F6FK1, PD60L6FK1, PDRPPNX10, PD40E5EK20-M, PD40H5EK20-M (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular 150/175kVA PDU (XRDP): PDPM150G6F, PDPM150L6F, PDPM175G6H (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for 400 and 500 kVA (PMM): PMM400-ALA, PMM400-ALAX, PMM400-CUB, PMM500-ALA, PMM500-ALAX, PMM500-CUB (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 for Modular PDU (XRDP2G): PDPM72F-5U, PDPM138H-5U, PDPM144F, PDPM138H-R, PDPM277H, PDPM288G6H (NMC2 AOS V6.9.6 and earlier), Rack Automatic Transfer Switches (ATS) Embedded NMC2: Rack Automatic Transfer Switches - AP44XX (ATS4G) (NMC2 AOS V6.9.6 and earlier), Network Management Card 2 (NMC2) Cooling Products: InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs (ACRP2G), InRow Cooling for series ACRC10x SKUs (RC10X2G), InRow Cooling for series ACRD6xx and ACRC6xx SKUs (ACRD2G), InRow Cooling Display for series ACRD3xx (ACRC2G), InRow Cooling for series ACSC1xx SKUs (SC2G), InRow Cooling for series ACRD1xx and ACRD2xx (ACRPTK2G), Ecoflair IAEC25/50 Air Economizer Display (EB2G), Uniflair SP UCF0481I, UCF0341I (UNFLRSP), Uniflair LE DX Perimeter Cooling Display for SKUs: IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV (LEDX2G), Refrigerant Distribution Unit: ACDA9xx (RDU) (NMC2 AOS V6.9.6 and earlier), Environmental Monitoring Unit with embedded NMC2 (NB250): NetBotz NBRK0250 (NMC2 AOS V6.9.6 and earlier), and Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) (NMC2 AOS V6.9.6 and earlier)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
schneider-electric network_management_card_2_firmware *
schneider-electric network_management_card_3_firmware *
CVE-2021-22816 HIGH

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric scadapack_357e_firmware *
schneider-electric scadapack_330e_firmware *
schneider-electric scadapack_350e_firmware *
schneider-electric scadapack_333e_firmware *
schneider-electric scadapack_334e_firmware *
schneider-electric scadapack_313e_firmware *
schneider-electric scadapack_312e_firmware *
schneider-electric scadapack_314e_firmware *
schneider-electric scadapack_337e_firmware *
CVE-2021-22817 MEDIUM

A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
schneider-electric hmibmo0a5dd1001_firmware *
schneider-electric hmibmuhi29d4801_firmware *
schneider-electric hmibmpsi74d4801_firmware *
schneider-electric hmibmuci29d2w01_firmware *
schneider-electric hmibmpsi74d2801_firmware *
schneider-electric hmibmiea5dd1101_firmware *
schneider-electric hmibmp0i74di00a_firmware *
schneider-electric hmibmu0i29di00a_firmware *
schneider-electric hmibmuhi29d2801_firmware *
schneider-electric hmibmiea5dd1001_firmware *
schneider-electric hmibscea53d1l0a_firmware *
schneider-electric hmibmp0i74de00a_firmware *
schneider-electric vijeo_designer 6.2
schneider-electric hmibmoma5ddf10l_firmware *
schneider-electric hmibmp0i74d2001_firmware *
schneider-electric hmibmo0a5ddf10a_firmware *
schneider-electric hmibmu0i29d400a_firmware *
schneider-electric hmibmusi29d4801_firmware *
schneider-electric hmibscea53d1l01_firmware *
schneider-electric hmibscea53d1l0t_firmware *
schneider-electric hmibmu0i29d2001_firmware *
schneider-electric hmibmp0i74d200a_firmware *
schneider-electric hmibmp0i74d400a_firmware *
schneider-electric vijeo_designer *
schneider-electric hmibmiea5dd1e01_firmware *
schneider-electric hmibmu0i29d4001_firmware *
schneider-electric hmibmiea5dd100a_firmware *
schneider-electric hmibmuci29d4w01_firmware *
schneider-electric hmibmusi29d2801_firmware *
schneider-electric hmibmphi74d4801_firmware *
schneider-electric hmibmoma5dd1101_firmware *
schneider-electric hmibmu0i29de00a_firmware *
schneider-electric hmibmoma5dd1e01_firmware *
schneider-electric hmibmo0a5ddf101_firmware *
schneider-electric hmibmu0i29d200a_firmware *
schneider-electric hmibmp0i74d4001_firmware *
schneider-electric hmibmphi74d2801_firmware *
schneider-electric hmibmiea5dd110l_firmware *
CVE-2021-22818 MEDIUM

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evp2pe_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
CVE-2021-22819 MEDIUM

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evp2pe_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
CVE-2021-22820 HIGH

A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-613,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evp2pe_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
CVE-2021-22821 MEDIUM

A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evp2pe_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
CVE-2021-22822 MEDIUM

A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric evlink_city_evc1s22p4_firmware *
schneider-electric evlink_city_evc1s7p4_firmware *
schneider-electric evlink_parking_evp2pe_firmware *
schneider-electric evlink_parking_evw2_firmware *
schneider-electric evlink_smart_wallbox_evb1a_firmware *
schneider-electric evlink_parking_evf2_firmware *
CVE-2021-22823 MEDIUM

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_collector *
CVE-2021-22824 MEDIUM

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_collector *
CVE-2021-22825 MEDIUM

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. Affected Products: AP7xxxx and AP8xxx with NMC2 (V6.9.6 or earlier), AP7xxx and AP8xxx with NMC3 (V1.1.0.3 or earlier), and APDU9xxx with NMC3 (V1.0.0.28 or earlier)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
schneider-electric rack_power_distribution_unit_with_network_management_card_2_firmware *
schneider-electric rack_power_distribution_unit_with_network_management_card_3_firmware *
CVE-2021-22826 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert *
CVE-2021-22827 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert *
CVE-2021-30061 HIGH

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
belden tofino_argon_fa-tsa-100-tx/tx_firmware -
schneider-electric tcsefea23f3f22_firmware *
belden eagle_20_tofino_943_987-501-tx/tx_firmware -
schneider-electric tcsefea23f3f20_firmware -
belden tofino_argon_fa-tsa-220-mm/tx_firmware -
belden tofino_xenon_security_appliance_firmware *
belden tofino_argon_fa-tsa-220-tx/tx_firmware -
belden tofino_argon_fa-tsa-220-tx/mm_firmware -
schneider-electric tcsefea23f3f21_firmware -
belden eagle_20_tofino_943_987-505-mm/mm_firmware -
belden eagle_20_tofino_943_987-504-mm/tx_firmware -
belden tofino_argon_fa-tsa-220-mm/mm_firmware -
belden eagle_20_tofino_943_987-502_-tx/mm_firmware -
CVE-2021-30062 MEDIUM

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
belden tofino_argon_fa-tsa-220-tx/tx_firmware -
belden tofino_argon_fa-tsa-220-tx/mm_firmware -
belden tofino_argon_fa-tsa-100-tx/tx_firmware -
belden eagle_20_tofino_943_987-501-tx/tx_firmware -
schneider-electric tcsefm0000_firmware *
belden tofino_argon_fa-tsa-220-mm/tx_firmware -
belden eagle_20_tofino_943_987-505-mm/mm_firmware -
belden eagle_20_tofino_943_987-504-mm/tx_firmware -
belden tofino_xenon_security_appliance_firmware *
belden tofino_argon_fa-tsa-220-mm/mm_firmware -
belden eagle_20_tofino_943_987-502_-tx/mm_firmware -
CVE-2021-30063 MEDIUM

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
belden tofino_argon_fa-tsa-220-tx/tx_firmware -
belden tofino_argon_fa-tsa-220-tx/mm_firmware -
belden tofino_argon_fa-tsa-100-tx/tx_firmware -
belden eagle_20_tofino_943_987-501-tx/tx_firmware -
schneider-electric tcsefm0000_firmware *
belden tofino_argon_fa-tsa-220-mm/tx_firmware -
belden eagle_20_tofino_943_987-505-mm/mm_firmware -
belden eagle_20_tofino_943_987-504-mm/tx_firmware -
belden tofino_xenon_security_appliance_firmware *
belden tofino_argon_fa-tsa-220-mm/mm_firmware -
belden eagle_20_tofino_943_987-502_-tx/mm_firmware -
CVE-2021-30064 MEDIUM

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
belden tofino_argon_fa-tsa-100-tx/tx_firmware -
schneider-electric tcsefea23f3f22_firmware *
belden eagle_20_tofino_943_987-501-tx/tx_firmware -
schneider-electric tcsefea23f3f20_firmware -
belden tofino_argon_fa-tsa-220-mm/tx_firmware -
belden tofino_xenon_security_appliance_firmware *
belden tofino_argon_fa-tsa-220-tx/tx_firmware -
belden tofino_argon_fa-tsa-220-tx/mm_firmware -
schneider-electric tcsefea23f3f21_firmware -
belden eagle_20_tofino_943_987-505-mm/mm_firmware -
belden eagle_20_tofino_943_987-504-mm/tx_firmware -
belden tofino_argon_fa-tsa-220-mm/mm_firmware -
belden eagle_20_tofino_943_987-502_-tx/mm_firmware -
CVE-2021-30065 MEDIUM

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
belden tofino_argon_fa-tsa-100-tx/tx_firmware -
schneider-electric tcsefea23f3f22_firmware *
belden eagle_20_tofino_943_987-501-tx/tx_firmware -
schneider-electric tcsefea23f3f20_firmware -
belden tofino_argon_fa-tsa-220-mm/tx_firmware -
belden tofino_xenon_security_appliance_firmware *
belden tofino_argon_fa-tsa-220-tx/tx_firmware -
belden tofino_argon_fa-tsa-220-tx/mm_firmware -
schneider-electric tcsefea23f3f21_firmware -
belden eagle_20_tofino_943_987-505-mm/mm_firmware -
belden eagle_20_tofino_943_987-504-mm/tx_firmware -
belden tofino_argon_fa-tsa-220-mm/mm_firmware -
belden eagle_20_tofino_943_987-502_-tx/mm_firmware -
CVE-2021-30066 HIGH

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347,

Products Affected

Vendor Product Version
belden tofino_argon_fa-tsa-100-tx/tx_firmware -
schneider-electric tcsefea23f3f22_firmware *
belden eagle_20_tofino_943_987-501-tx/tx_firmware -
schneider-electric tcsefea23f3f20_firmware -
belden tofino_argon_fa-tsa-220-mm/tx_firmware -
belden tofino_xenon_security_appliance_firmware *
belden tofino_argon_fa-tsa-220-tx/tx_firmware -
belden tofino_argon_fa-tsa-220-tx/mm_firmware -
schneider-electric tcsefea23f3f21_firmware -
belden eagle_20_tofino_943_987-505-mm/mm_firmware -
belden eagle_20_tofino_943_987-504-mm/tx_firmware -
belden tofino_argon_fa-tsa-220-mm/mm_firmware -
belden eagle_20_tofino_943_987-502_-tx/mm_firmware -
CVE-2022-0221 MEDIUM

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6
cybersecurity@se.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
schneider-electric scadapack_workbench *
CVE-2022-0222

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m340_bmxnoe0100_firmware -
schneider-electric modicon_m340_bmxnoe0110_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxnoe0110h_firmware -
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
schneider-electric modicon_m340_bmxnor0200h_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware *
CVE-2022-0223

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_commission *
CVE-2022-0715 MEDIUM

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-345,

Products Affected

Vendor Product Version
schneider-electric smx_series_20_ups_firmware *
schneider-electric smc_series_1018_ups_firmware *
schneider-electric smc_series_1041_ups_firmware *
schneider-electric srtl2200rmxli-nc_firmware *
schneider-electric srt_series_1014_ups_firmware *
schneider-electric smt_series_1031_ups_firmware *
schneider-electric srtl1500rmxli_firmware *
schneider-electric srt_series_1010_ups_firmware *
schneider-electric srt_series_1013_ups_firmware *
schneider-electric smx_series_23_ups_firmware *
schneider-electric srtl3000rmxli-nc_firmware *
schneider-electric srtl1000rmxli_firmware *
schneider-electric smt_series_1040_ups_firmware *
schneider-electric srtl1500rmxli-nc_firmware *
schneider-electric smx_series_1031_ups_firmware *
schneider-electric smc_series_1005_ups_firmware *
schneider-electric srtl2200rmxli_firmware *
schneider-electric smc_series_1007_ups_firmware *
schneider-electric smtl_series_1026_ups_firmware *
schneider-electric srt_series_1020_ups_firmware *
schneider-electric srt_series_1019_ups_firmware *
schneider-electric srtl1000rmxli-nc_firmware *
schneider-electric smt_series_1015_ups_firmware *
schneider-electric scl_series_1036_ups_firmware *
schneider-electric srt_series_1025_ups_firmware *
schneider-electric srtl3000rmxli_firmware *
schneider-electric scl_series_1037_ups_firmware *
schneider-electric smt_series_18_ups_firmware *
schneider-electric scl_series_1030_ups_firmware *
schneider-electric srt_series_1001_ups_firmware *
schneider-electric scl_series_1029_ups_firmware *
schneider-electric srt_series_1021_ups_firmware *
schneider-electric srt_series_1002_ups_firmware *
CVE-2022-22722 MEDIUM

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric easergy_p5_firmware *
CVE-2022-22723 HIGH

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
schneider-electric easergy_p5_firmware *
CVE-2022-22724 MEDIUM

A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmxp342030_firmware -
schneider-electric modicon_m340_bmxp342010_firmware -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_m340_bmxp3420102_firmware -
CVE-2022-22725 HIGH

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P3 (All versions prior to V30.205)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
schneider-electric easergy_p3_firmware *
CVE-2022-22726 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert *
CVE-2022-22727 HIGH

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert *
CVE-2022-22731

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_commission *
CVE-2022-22732

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_commission *
CVE-2022-22804 LOW

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert *
CVE-2022-22805 HIGH

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
schneider-electric smtl_series_1026_ups_firmware *
schneider-electric smt_series_1015_ups_firmware *
schneider-electric smc_series_1018_ups_firmware *
schneider-electric scl_series_1036_ups_firmware *
schneider-electric scl_series_1037_ups_firmware *
schneider-electric smx_series_1031_ups_firmware *
schneider-electric scl_series_1030_ups_firmware *
schneider-electric scl_series_1029_ups_firmware *
CVE-2022-22806 HIGH

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-294,CWE-294,

Products Affected

Vendor Product Version
schneider-electric smtl_series_1026_ups_firmware *
schneider-electric smt_series_1015_ups_firmware *
schneider-electric smc_series_1018_ups_firmware *
schneider-electric scl_series_1036_ups_firmware *
schneider-electric scl_series_1037_ups_firmware *
schneider-electric smx_series_1031_ups_firmware *
schneider-electric scl_series_1030_ups_firmware *
schneider-electric scl_series_1029_ups_firmware *
CVE-2022-22807 MEDIUM

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N 2.8 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,CWE-1021,

Products Affected

Vendor Product Version
schneider-electric hmibscea53d1eml_firmware *
schneider-electric hmibscea53d1edb_firmware *
schneider-electric hmibscea53d1esm_firmware *
schneider-electric hmibscea53d1ess_firmware *
schneider-electric hmibscea53d1edm_firmware *
schneider-electric hmibscea53d1edl_firmware *
schneider-electric hmibscea53d1eds_firmware *
CVE-2022-22808 MEDIUM

A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
schneider-electric hmibscea53d1eml_firmware *
schneider-electric hmibscea53d1edb_firmware *
schneider-electric hmibscea53d1esm_firmware *
schneider-electric hmibscea53d1ess_firmware *
schneider-electric hmibscea53d1edm_firmware *
schneider-electric hmibscea53d1edl_firmware *
schneider-electric hmibscea53d1eds_firmware *
CVE-2022-22809 MEDIUM

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
schneider-electric fellerlynk_firmware *
schneider-electric spacelynk_firmware *
schneider-electric wiser_for_knx_firmware *
CVE-2022-22810 MEDIUM

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
schneider-electric fellerlynk_firmware *
schneider-electric spacelynk_firmware *
schneider-electric wiser_for_knx_firmware *
CVE-2022-22811 HIGH

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
schneider-electric fellerlynk_firmware *
schneider-electric spacelynk_firmware *
schneider-electric wiser_for_knx_firmware *
CVE-2022-22812 MEDIUM

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider-electric fellerlynk_firmware *
schneider-electric spacelynk_firmware *
schneider-electric wiser_for_knx_firmware *
CVE-2022-22813 HIGH

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric easergy_p443_firmware -
schneider-electric easergy_p242_firmware -
schneider-electric easergy_p445_firmware -
schneider-electric easergy_p645_firmware -
schneider-electric easergy_p141_firmware -
schneider-electric easergy_p446_firmware -
schneider-electric easergy_p442_firmware -
schneider-electric easergy_p841_firmware -
schneider-electric easergy_p145_firmware -
schneider-electric easergy_p543_firmware -
schneider-electric easergy_p143_firmware -
schneider-electric easergy_p241_firmware -
schneider-electric easergy_p741_firmware -
schneider-electric easergy_p243_firmware -
schneider-electric easergy_p544_firmware -
schneider-electric easergy_p746_firmware -
schneider-electric easergy_p344_firmware -
schneider-electric easergy_p541_firmware -
schneider-electric easergy_p142_firmware -
schneider-electric easergy_p345_firmware -
schneider-electric easergy_p546_firmware -
schneider-electric easergy_p444_firmware -
schneider-electric easergy_p742_firmware -
schneider-electric easergy_p643_firmware -
schneider-electric easergy_p545_firmware -
schneider-electric easergy_p342_firmware -
schneider-electric easergy_p849_firmware -
schneider-electric easergy_p642_firmware -
schneider-electric easergy_p743_firmware -
schneider-electric easergy_p441_firmware -
schneider-electric easergy_p341_firmware -
schneider-electric easergy_p542_firmware -
schneider-electric easergy_p343_firmware -
CVE-2022-2329

A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-24310 HIGH

A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_server *
CVE-2022-24311 HIGH

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_server *
CVE-2022-24312 HIGH

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_server *
CVE-2022-24313 HIGH

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_server *
CVE-2022-24314 MEDIUM

A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_server *
CVE-2022-24315 MEDIUM

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_server *
CVE-2022-24316 MEDIUM

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_server *
CVE-2022-24317 MEDIUM

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system_data_server *
CVE-2022-24318 MEDIUM

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,CWE-326,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 *
schneider-electric clearscada *
schneider-electric ecostruxure_geo_scada_expert_2020 *
CVE-2022-24319 MEDIUM

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 *
schneider-electric ecostruxure_geo_scada_expert_2020 *
schneider-electric clearscada -
CVE-2022-24320 MEDIUM

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 *
schneider-electric ecostruxure_geo_scada_expert_2020 *
schneider-electric clearscada -
CVE-2022-24321 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 *
schneider-electric clearscada *
schneider-electric ecostruxure_geo_scada_expert_2020 *
CVE-2022-24322 MEDIUM

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_control_expert 15.0
CVE-2022-24323 MEDIUM

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6
cybersecurity@se.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_control_expert 15.0
CVE-2022-24324

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-26507 HIGH

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
att xmill 0.7
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_control_expert 15.1
schneider-electric remoteconnect -
CVE-2022-2988

A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0)

Products Affected

Vendor Product Version
schneider-electric somachine_hvac *
schneider-electric ecostruxure_machine_expert_-_hvac *
CVE-2022-30232 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric powerlogic_ion_setup_firmware *
CVE-2022-30233 MEDIUM

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
schneider-electric wiser_smart_eer21001_firmware *
schneider-electric wiser_smart_eer21000_firmware *
CVE-2022-30234 HIGH

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 3.9 5.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
schneider-electric wiser_smart_eer21001_firmware *
schneider-electric wiser_smart_eer21000_firmware *
CVE-2022-30235 MEDIUM

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@se.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
schneider-electric wiser_smart_eer21001_firmware *
schneider-electric wiser_smart_eer21000_firmware *
CVE-2022-30236 MEDIUM

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2
cybersecurity@se.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-669,

Products Affected

Vendor Product Version
schneider-electric wiser_smart_eer21001_firmware *
schneider-electric wiser_smart_eer21000_firmware *
CVE-2022-30237 MEDIUM

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
schneider-electric wiser_smart_eer21001_firmware *
schneider-electric wiser_smart_eer21000_firmware *
CVE-2022-30238 HIGH

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cybersecurity@se.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
schneider-electric wiser_smart_eer21001_firmware *
schneider-electric wiser_smart_eer21000_firmware *
CVE-2022-32512

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1)

Products Affected

Vendor Product Version
schneider-electric canbrass *
CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)

Products Affected

Vendor Product Version
schneider-electric 5500ac2_firmware *
schneider-electric 5500nac_firmware *
schneider-electric 5500nac2_firmware *
schneider-electric 5500shac_firmware *
schneider-electric lss5500nac_firmware *
schneider-electric lss5500shac_firmware *
CVE-2022-32514

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)

Products Affected

Vendor Product Version
schneider-electric 5500ac2_firmware *
schneider-electric 5500nac_firmware *
schneider-electric 5500nac2_firmware *
schneider-electric 5500shac_firmware *
schneider-electric lss5500nac_firmware *
schneider-electric lss5500shac_firmware *
CVE-2022-32515

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions)

Products Affected

Vendor Product Version
schneider-electric conext_combox_firmware -
CVE-2022-32516

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)

Products Affected

Vendor Product Version
schneider-electric conext_combox_firmware *
CVE-2022-32517

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions)

Products Affected

Vendor Product Version
schneider-electric conext_combox_firmware *
CVE-2022-32518

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Products Affected

Vendor Product Version
schneider-electric data_center_expert *
CVE-2022-32519

A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Products Affected

Vendor Product Version
schneider-electric data_center_expert *
CVE-2022-32520

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Products Affected

Vendor Product Version
schneider-electric data_center_expert *
CVE-2022-32521

A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cybersecurity@se.com 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
schneider-electric data_center_expert *
CVE-2022-32522

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-32523

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-32524

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-32525

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-32526

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-32527

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-32528

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-32529

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2022-32530 MEDIUM

A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 4.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 1.3 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
schneider-electric geo_scada_mobile 2020
schneider-electric geo_scada_mobile *
CVE-2022-32747

A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
cybersecurity@se.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_cybersecurity_admin_expert *
CVE-2022-32748

A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.9 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.2 6.0
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 1.6 6.0

Products Affected

Vendor Product Version
schneider-electric ecostruxure_cybersecurity_admin_expert *
CVE-2022-34753

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Homer Controller MK2 (V1.31.460 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric spacelogic_c-bus_home_controller_firmware *
CVE-2022-34754

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
cybersecurity@se.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
schneider-electric acti9_powertag_link_c_(a9xelc10-b)_firmware *
schneider-electric acti9_powertag_link_c_(a9xelc10-a)_firmware *
CVE-2022-34755

A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker with a local privileged account to place a specially crafted file on the target machine, which may give the attacker the ability to execute arbitrary code during the installation process initiated by a valid user. Affected Products: Easergy Builder Installer (1.7.23 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.3 5.9

Products Affected

Vendor Product Version
schneider-electric easergy_builder_installer *
CVE-2022-34756

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric easergy_p5_firmware *
CVE-2022-34757

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 (V01.401.102 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
cybersecurity@se.com 6.7 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H 1.2 5.5

Products Affected

Vendor Product Version
schneider-electric easergy_p5_firmware *
CVE-2022-34758

A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6
cybersecurity@se.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
schneider-electric easergy_p5_firmware *
CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
schneider-electric x80_advanced_rtu_module_firmware 1.0
schneider-electric opc_ua_module_for_m580_firmware *
CVE-2022-34760

A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
schneider-electric x80_advanced_rtu_module_firmware 1.0
schneider-electric opc_ua_module_for_m580_firmware *
CVE-2022-34761

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@se.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
schneider-electric x80_advanced_rtu_module_firmware *
schneider-electric opc_ua_module_for_m580_firmware *
CVE-2022-34762

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
cybersecurity@se.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.7 5.2

Products Affected

Vendor Product Version
schneider-electric x80_advanced_rtu_module_firmware *
schneider-electric opc_ua_module_for_m580_firmware *
CVE-2022-34763

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
cybersecurity@se.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.7 5.2

Products Affected

Vendor Product Version
schneider-electric x80_advanced_rtu_module_firmware *
schneider-electric opc_ua_module_for_m580_firmware *
CVE-2022-34764

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@se.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
schneider-electric x80_advanced_rtu_module_firmware 1.0
schneider-electric opc_ua_module_for_m580_firmware *
CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 1.2 4.2
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
schneider-electric x80_advanced_rtu_module_firmware *
schneider-electric opc_ua_module_for_m580_firmware *
CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m340_bmxp342020h_firmware *
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric ecostruxure_control_expert *
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric ecostruxure_process_expert *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2022-37301

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)

Products Affected

Vendor Product Version
schneider-electric modicon_premium_tsxp57_1634m_firmware -
schneider-electric modicon_momentum_171cbu78090_firmware -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_premium_tsxp57_5634m_firmware -
schneider-electric modicon_quantum_140cpu65160c_firmware -
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_momentum_171cbu98091_firmware -
schneider-electric modicon_premium_tsxp57_454m_firmware -
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric modicon_quantum_140noe77101_firmware -
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_premium_tsxp57_554m_firmware -
schneider-electric modicon_quantum_140cpu65150c_firmware -
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m340_bmx_p34-2030_firmware *
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_premium_tsxp57_4634m_firmware -
schneider-electric modicon_quantum_140cpu65150_firmware -
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_quantum_140noc78100_firmware -
schneider-electric modicon_momentum_171cbu98090_firmware -
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_mc80_bmkc8030311_firmware *
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_mc80_bmkc8020310_firmware *
schneider-electric modicon_quantum_140cpu65160_firmware -
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_mc80_bmkc8020301_firmware *
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_premium_tsxp57_6634m_firmware -
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m340_bmx_p34-2010_firmware *
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_premium_tsxp57_2634m_firmware -
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric modicon_quantum_140noe77111_firmware -
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_premium_tsxp57_2834m_firmware -
CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
schneider-electric ecostruxure_control_expert 15.1
CVE-2022-4062

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_commission *
CVE-2022-41666

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric pro-face_blue 3.3
schneider-electric ecostruxure_operator_terminal_expert 3.3
schneider-electric pro-face_blue *
CVE-2022-41667

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric pro-face_blue 3.3
schneider-electric ecostruxure_operator_terminal_expert 3.3
schneider-electric pro-face_blue *
CVE-2022-41668

A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric pro-face_blue 3.3
schneider-electric ecostruxure_operator_terminal_expert 3.3
schneider-electric pro-face_blue *
CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric pro-face_blue 3.3
schneider-electric ecostruxure_operator_terminal_expert 3.3
schneider-electric pro-face_blue *
CVE-2022-41670

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric pro-face_blue 3.3
schneider-electric ecostruxure_operator_terminal_expert 3.3
schneider-electric pro-face_blue *
CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric pro-face_blue 3.3
schneider-electric ecostruxure_operator_terminal_expert 3.3
schneider-electric pro-face_blue *
CVE-2022-42970

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

Products Affected

Vendor Product Version
schneider-electric easy_ups_online_monitoring_software *
schneider-electric apc_easy_ups_online_monitoring_software *
CVE-2022-42971

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

Products Affected

Vendor Product Version
schneider-electric easy_ups_online_monitoring_software *
schneider-electric apc_easy_ups_online_monitoring_software *
CVE-2022-42972

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

Products Affected

Vendor Product Version
schneider-electric easy_ups_online_monitoring_software *
schneider-electric apc_easy_ups_online_monitoring_software *
CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

Products Affected

Vendor Product Version
schneider-electric easy_ups_online_monitoring_software *
schneider-electric apc_easy_ups_online_monitoring_software *
CVE-2022-43376

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L 2.8 4.7

Products Affected

Vendor Product Version
schneider-electric netbotz_550_firmware *
schneider-electric netbotz_570_firmware *
schneider-electric netbotz_455_firmware *
schneider-electric netbotz_355_firmware *
schneider-electric netbotz_450_firmware *
CVE-2022-43377

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover when a brute force attack is performed on the account. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
schneider-electric netbotz_550_firmware *
schneider-electric netbotz_570_firmware *
schneider-electric netbotz_455_firmware *
schneider-electric netbotz_355_firmware *
schneider-electric netbotz_450_firmware *
CVE-2022-43378

A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
schneider-electric netbotz_550_firmware *
schneider-electric netbotz_570_firmware *
schneider-electric netbotz_455_firmware *
schneider-electric netbotz_355_firmware *
schneider-electric netbotz_450_firmware *
CVE-2022-45788

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

Products Affected

Vendor Product Version
schneider-electric modicon_m340_bmxp342030_firmware -
schneider-electric modicon_m580_bmep586040_firmware -
schneider-electric modicon_premium_tsxp57_1634m_firmware -
schneider-electric modicon_momentum_171cbu78090_firmware -
schneider-electric modicon_m580_bmep583040_firmware -
schneider-electric modicon_premium_tsxp57_5634m_firmware -
schneider-electric modicon_quantum_140cpu65160c_firmware -
schneider-electric modicon_m340_bmxp342030h_firmware -
schneider-electric modicon_m580_bmeh582040_firmware -
schneider-electric modicon_mc80_bmkc8020310_firmware -
schneider-electric modicon_m340_bmxp3420302h_firmware -
schneider-electric modicon_m580_bmep582040s_firmware -
schneider-electric modicon_momentum_171cbu98091_firmware -
schneider-electric modicon_m580_bmep585040_firmware -
schneider-electric modicon_m580_bmep582020_firmware -
schneider-electric modicon_m580_bmep582020h_firmware -
schneider-electric modicon_premium_tsxp57_454m_firmware -
schneider-electric modicon_m580_bmep582040_firmware -
schneider-electric modicon_m580_bmeh584040c_firmware -
schneider-electric modicon_m580_bmeh584040_firmware -
schneider-electric modicon_m580_bmeh586040s_firmware -
schneider-electric modicon_m580_bmep584020_firmware -
schneider-electric modicon_premium_tsxp57_554m_firmware -
schneider-electric modicon_quantum_140cpu65150c_firmware -
schneider-electric modicon_premium_tsxp57_4634m_firmware -
schneider-electric modicon_m580_bmeh582040s_firmware -
schneider-electric modicon_quantum_140cpu65150_firmware -
schneider-electric ecostruxure_process_expert *
schneider-electric modicon_m580_bmep582040h_firmware -
schneider-electric modicon_mc80_bmkc8030311_firmware -
schneider-electric modicon_m340_bmxp3420102_firmware -
schneider-electric modicon_m580_bmeh586040_firmware -
schneider-electric modicon_momentum_171cbu98090_firmware -
schneider-electric modicon_m340_bmxp342010_firmware -
schneider-electric modicon_m340_bmxp3420302_firmware -
schneider-electric modicon_m340_bmxp341000_firmware -
schneider-electric modicon_mc80_bmkc8020301_firmware -
schneider-electric modicon_m580_bmep581020_firmware -
schneider-electric modicon_quantum_140cpu65160_firmware -
schneider-electric modicon_m580_bmep583020_firmware -
schneider-electric modicon_m580_bmep584040_firmware -
schneider-electric modicon_m580_bmeh582040c_firmware -
schneider-electric modicon_m580_bmeh586040c_firmware -
schneider-electric modicon_m340_bmxp342020h_firmware -
schneider-electric modicon_premium_tsxp57_6634m_firmware -
schneider-electric ecostruxure_control_expert *
schneider-electric modicon_m580_bmep581020h_firmware -
schneider-electric modicon_m580_bmep585040c_firmware -
schneider-electric modicon_m340_bmxp342020_firmware -
schneider-electric modicon_premium_tsxp57_2634m_firmware -
schneider-electric modicon_m580_bmep584040s_firmware -
schneider-electric modicon_m340_bmxp342000_firmware -
schneider-electric modicon_m580_bmeh584040s_firmware -
schneider-electric modicon_m580_bmep586040c_firmware -
schneider-electric modicon_premium_tsxp57_2834m_firmware -
CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m340_bmxp342010_firmware -
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_m340_bmxp342020h_firmware *
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric ecostruxure_control_expert *
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric ecostruxure_process_expert *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2022-46680

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm8000_firmware *
schneider-electric powerlogic_ion9000_firmware *
schneider-electric powerlogic_ion8800_firmware -
schneider-electric powerlogic_ion8650_firmware -
schneider-electric powerlogic_ion7400_firmware *
CVE-2023-0595

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
cybersecurity@se.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 81.7690.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7322.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7429.2
schneider-electric ecostruxure_geo_scada_expert_2020 83.7840.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7717.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7613.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7980.2
schneider-electric ecostruxure_geo_scada_expert_2019 81.8015.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8122.2
schneider-electric ecostruxure_geo_scada_expert_2021 84.8269.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7777.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7808.2
schneider-electric ecostruxure_geo_scada_expert_2019 81.7936.1
schneider-electric clearscada *
schneider-electric ecostruxure_geo_scada_expert_2019 81.8267.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7551.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7809.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8155.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7840.1
schneider-electric ecostruxure_geo_scada_expert_2019 -
schneider-electric ecostruxure_geo_scada_expert_2021 84.8027.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7457.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8182.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7936.2
schneider-electric ecostruxure_geo_scada_expert_2020 83.8155.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8181.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8221.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7742.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8120.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8017.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7522.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8122.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7875.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7488.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8172.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7268.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7896.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7980.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8197.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8267.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7578.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7641.1
schneider-electric ecostruxure_geo_scada_expert_2021 -
schneider-electric ecostruxure_geo_scada_expert_2020 83.7578.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7714.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7641.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8108.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7692.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7875.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8108.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8220.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8108.2
schneider-electric ecostruxure_geo_scada_expert_2020 -
schneider-electric ecostruxure_geo_scada_expert_2020 83.7742.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8218.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8158.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7613.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7913.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8197.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7545.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7787.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8197.1
CVE-2023-1049

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_operator_terminal_expert *
schneider-electric pro-face_blue 3.3
schneider-electric ecostruxure_operator_terminal_expert 3.3
schneider-electric pro-face_blue *
CVE-2023-1548

A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
CVE-2023-2161

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 1.3 3.6

Products Affected

Vendor Product Version
schneider-electric opc_factory_server 3.63
schneider-electric opc_factory_server *
CVE-2023-22610

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 81.7690.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7322.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7429.2
schneider-electric ecostruxure_geo_scada_expert_2020 83.7840.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7717.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7613.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7980.2
schneider-electric ecostruxure_geo_scada_expert_2019 81.8015.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8122.2
schneider-electric ecostruxure_geo_scada_expert_2021 84.8269.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7777.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7808.2
schneider-electric ecostruxure_geo_scada_expert_2019 81.7936.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8267.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7551.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7809.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8155.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7840.1
schneider-electric ecostruxure_geo_scada_expert_2019 -
schneider-electric ecostruxure_geo_scada_expert_2021 84.8027.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7457.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8182.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7936.2
schneider-electric ecostruxure_geo_scada_expert_2020 83.8155.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8181.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8221.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7742.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8120.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8017.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7522.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8122.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7875.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7488.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8172.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7268.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7896.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7980.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8197.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8267.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7578.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7641.1
schneider-electric ecostruxure_geo_scada_expert_2021 -
schneider-electric ecostruxure_geo_scada_expert_2020 83.7578.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7714.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7641.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8108.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7692.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7875.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8108.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8220.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8108.2
schneider-electric ecostruxure_geo_scada_expert_2020 -
schneider-electric ecostruxure_geo_scada_expert_2020 83.7742.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8218.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8158.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7613.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7913.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8197.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7545.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7787.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8197.1
CVE-2023-22611

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)

Products Affected

Vendor Product Version
schneider-electric ecostruxure_geo_scada_expert_2019 81.7690.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7322.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7429.2
schneider-electric ecostruxure_geo_scada_expert_2020 83.7840.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7717.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7613.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7980.2
schneider-electric ecostruxure_geo_scada_expert_2019 81.8015.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8122.2
schneider-electric ecostruxure_geo_scada_expert_2021 84.8269.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7777.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7808.2
schneider-electric ecostruxure_geo_scada_expert_2019 81.7936.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8267.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7551.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7809.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8155.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7840.1
schneider-electric ecostruxure_geo_scada_expert_2019 -
schneider-electric ecostruxure_geo_scada_expert_2021 84.8027.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7457.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8182.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7936.2
schneider-electric ecostruxure_geo_scada_expert_2020 83.8155.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8181.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8221.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7742.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8120.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8017.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7522.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8122.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7875.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7488.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8172.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7268.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7896.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7980.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8197.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8267.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7578.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7641.1
schneider-electric ecostruxure_geo_scada_expert_2021 -
schneider-electric ecostruxure_geo_scada_expert_2020 83.7578.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7714.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7641.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8108.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7692.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7875.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8108.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8220.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8108.2
schneider-electric ecostruxure_geo_scada_expert_2020 -
schneider-electric ecostruxure_geo_scada_expert_2020 83.7742.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8218.1
schneider-electric ecostruxure_geo_scada_expert_2021 84.8158.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7613.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7913.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.8197.1
schneider-electric ecostruxure_geo_scada_expert_2019 81.7545.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.7787.1
schneider-electric ecostruxure_geo_scada_expert_2020 83.8197.1
CVE-2023-25547

A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25548

A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25549

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25550

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25551

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N 0.9 5.2

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25552

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device File Transfer settings on DCE endpoints. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25553

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N 0.9 5.2

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25554

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25555

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 2.2 3.4

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-25556

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

Products Affected

Vendor Product Version
schneider-electric merten_tasterschnittstelle_4fach_plus_firmware 1.2
schneider-electric merten_instabus_tastermodul_2fach_system_m_firmware 1.0
schneider-electric merten_knx_schaltakt.2x6a_up_m.2_eing._firmware 0.1
schneider-electric merten_knx_uni-dimmaktor_ll_reg-k/2x230/300_w_firmware 1.0
schneider-electric merten_tasterschnittstelle_4fach_plus_firmware 1.0
schneider-electric merten_knx_argus_180/2,20m_up_system_firmware 1.0
schneider-electric merten_instabus_tastermodul_1fach_system_m_firmware 1.0
schneider-electric merten_knx_uni-dimmaktor_ll_reg-k/2x230/300_w_firmware 1.1
schneider-electric merten_jalousie-/schaltaktor_reg-k/8x/16x/10_m._hb_firmware 1.0
CVE-2023-25619

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
schneider-electric bmep58s_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric tsxp57_firmware *
schneider-electric modicon_mc80_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_momentum_unity_m1e_processor_firmware *
schneider-electric bmeh58s_firmware *
CVE-2023-25620

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
schneider-electric bmep58s_firmware *
schneider-electric modicon_m580_firmware *
schneider-electric tsxp57_firmware *
schneider-electric modicon_mc80_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric modicon_momentum_unity_m1e_processor_firmware *
schneider-electric 140cpu65_firmware *
schneider-electric bmeh58s_firmware *
CVE-2023-2569

A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_foxboro_dcs_control_core_services -
CVE-2023-2570

A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_foxboro_dcs_control_core_services -
CVE-2023-27975

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
schneider-electric ecostruxure_control_expert *
CVE-2023-27976

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_control_expert *
CVE-2023-27977

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
schneider-electric custom_reports *
schneider-electric igss_data_server *
schneider-electric igss_dashboard *
CVE-2023-27978

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric custom_reports *
schneider-electric igss_data_server *
schneider-electric igss_dashboard *
CVE-2023-27979

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
schneider-electric custom_reports *
schneider-electric igss_data_server *
schneider-electric igss_dashboard *
CVE-2023-27980

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric custom_reports *
schneider-electric igss_data_server *
schneider-electric igss_dashboard *
CVE-2023-27981

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric custom_reports *
schneider-electric igss_data_server *
schneider-electric igss_dashboard *
CVE-2023-27982

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric custom_reports *
schneider-electric igss_data_server *
schneider-electric igss_dashboard *
CVE-2023-27983

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
schneider-electric custom_reports *
schneider-electric igss_data_server *
schneider-electric igss_dashboard *
CVE-2023-27984

A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric custom_reports *
schneider-electric igss_data_server *
schneider-electric igss_dashboard *
CVE-2023-28003

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert *
CVE-2023-28004

A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric powerlogic_hdpm6000_firmware *
CVE-2023-29410

A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided over HTTP for the server to execute.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
schneider-electric insighthome_firmware 1.16
schneider-electric conext_gateway_firmware *
schneider-electric insightfacility_firmware 1.16
schneider-electric insighthome_firmware *
schneider-electric insightfacility_firmware *
schneider-electric conext_gateway_firmware 1.16
CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric easy_ups_online_monitoring_software *
schneider-electric apc_easy_ups_online_monitoring_software *
CVE-2023-29412

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric easy_ups_online_monitoring_software *
schneider-electric apc_easy_ups_online_monitoring_software *
CVE-2023-29413

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
schneider-electric easy_ups_online_monitoring_software *
schneider-electric apc_easy_ups_online_monitoring_software *
CVE-2023-29414

A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local function call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric accutech_manager *
CVE-2023-3001

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric igss_dashboard *
CVE-2023-37196

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-37197

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-37198

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-37199

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then manually restored.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
schneider-electric struxureware_data_center_expert *
CVE-2023-3953

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
schneider-electric pro-face_gp-pro_ex *
CVE-2023-4516

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric interactive_graphical_scada_system *
CVE-2023-5391

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_operation_with_advanced_reports *
schneider-electric ecostruxure_power_scada_operation_with_advanced_reports *
schneider-electric ecostruxure_power_monitoring_expert *
CVE-2023-5399

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric spacelogic_c-bus_toolkit *
CVE-2023-5402

A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric c-bus_toolkit *
CVE-2023-5629

A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 2.8 4.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
schneider-electric qr450_firmware *
schneider-electric jr240_firmware -
schneider-electric er450_firmware -
schneider-electric qb150_firmware *
schneider-electric qp150_firmware *
schneider-electric qh150_firmware *
schneider-electric er45e_firmware -
schneider-electric eb450_firmware -
schneider-electric qr150_firmware *
schneider-electric qh450_firmware *
schneider-electric eh450_firmware -
schneider-electric qb450_firmware *
schneider-electric eb45e_firmware -
schneider-electric jr900_firmware -
schneider-electric qp450_firmware *
schneider-electric eh45e_firmware -
CVE-2023-5630

A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
schneider-electric qr450_firmware *
schneider-electric jr240_firmware -
schneider-electric er450_firmware -
schneider-electric qb150_firmware *
schneider-electric qp150_firmware *
schneider-electric qh150_firmware *
schneider-electric er45e_firmware -
schneider-electric eb450_firmware -
schneider-electric qr150_firmware *
schneider-electric qh450_firmware *
schneider-electric eh450_firmware -
schneider-electric qb450_firmware *
schneider-electric eb45e_firmware -
schneider-electric jr900_firmware -
schneider-electric qp450_firmware *
schneider-electric eh45e_firmware -
CVE-2023-5984

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
schneider-electric ion8800_firmware *
schneider-electric ion8650_firmware *
CVE-2023-5985

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
schneider-electric ion8800_firmware *
schneider-electric ion8650_firmware *
CVE-2023-5986

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N 2.8 4.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert 2020
schneider-electric ecostruxure_power_monitoring_expert 2021
CVE-2023-5987

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
cybersecurity@se.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_monitoring_expert 2020
schneider-electric ecostruxure_power_monitoring_expert 2021
CVE-2023-6032

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
cybersecurity@se.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
schneider-electric galaxy_vl_firmware 12.21
schneider-electric galaxy_vs_firmware 6.82
CVE-2023-6407

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
cybersecurity@se.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H 1.0 4.2

Products Affected

Vendor Product Version
schneider-electric easy_ups_online_monitoring_software *
CVE-2023-6408

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
schneider-electric modicon_m580_bmep581020h_firmware *
schneider-electric modicon_m340_bmxp3420302cl_firmware *
schneider-electric modicon_m580_bmep581020_firmware *
schneider-electric modicon_momentum_171cbu98091_firmware *
schneider-electric modicon_m580_bmeh586040_firmware *
schneider-electric modicon_m580_bmep582020h_firmware *
schneider-electric modicon_m340_bmxp342010_firmware *
schneider-electric modicon_mc80_bmkc8020310_firmware *
schneider-electric modicon_m580_bmep582040_firmware *
schneider-electric modicon_m340_bmxp3420302h_firmware *
schneider-electric modicon_m580_bmep586040_firmware *
schneider-electric modicon_m580_bmeh582040_firmware *
schneider-electric modicon_momentum_171cbu78090_firmware *
schneider-electric modicon_m580_bmep582020_firmware *
schneider-electric modicon_momentum_171cbu98090_firmware *
schneider-electric modicon_mc80_bmkc8020301_firmware *
schneider-electric modicon_m340_bmxp342020h_firmware *
schneider-electric modicon_m580_bmeh582040c_firmware *
schneider-electric modicon_m580_bmep582040s_firmware *
schneider-electric modicon_m580_bmep586040c_firmware *
schneider-electric modicon_m580_bmeh584040c_firmware *
schneider-electric modicon_m580_bmep583040_firmware *
schneider-electric ecostruxure_control_expert *
schneider-electric modicon_m580_bmeh586040s_firmware *
schneider-electric modicon_m580_bmep585040_firmware *
schneider-electric modicon_m580_bmep582040h_firmware *
schneider-electric modicon_m580_bmep584040_firmware *
schneider-electric modicon_m580_bmeh582040s_firmware *
schneider-electric modicon_m580_bmeh584040s_firmware *
schneider-electric modicon_m580_bmep584020_firmware *
schneider-electric modicon_m340_bmxp342030_firmware *
schneider-electric modicon_m340_bmxp342030h_firmware *
schneider-electric modicon_m580_bmeh584040_firmware *
schneider-electric modicon_m580_bmep583020_firmware *
schneider-electric modicon_m340_bmxp3420102cl_firmware *
schneider-electric modicon_m580_bmeh586040c_firmware *
schneider-electric ecostruxure_process_expert *
schneider-electric modicon_m340_bmxp341000_firmware *
schneider-electric modicon_m340_bmxp342020_firmware *
schneider-electric modicon_mc80_bmkc8030311 *
schneider-electric modicon_m580_bmep585040c_firmware *
schneider-electric modicon_m580_bmep584040s_firmware *
schneider-electric modicon_m340_bmxp341000h_firmware *
schneider-electric modicon_m340_bmxp3420302_firmware *
schneider-electric modicon_m340_bmxp342000_firmware *
schneider-electric modicon_m340_bmxp3420102_firmware *
CVE-2023-6409

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.5 5.2

Products Affected

Vendor Product Version
schneider-electric ecostruxure_process_expert *
schneider-electric ecostruxure_control_expert *
CVE-2023-7032

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric easergy_studio *
CVE-2024-0865

CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_it_gateway *
CVE-2024-10575

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_it_gateway 1.22.1.5
schneider-electric ecostruxure_it_gateway 1.23.0.4
schneider-electric ecostruxure_it_gateway 1.22.0.3
schneider-electric ecostruxure_it_gateway 1.21.0.6
CVE-2024-2602

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
schneider-electric foxrtu_station *
CVE-2024-2747

CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric easergy_studio *
CVE-2024-37036

CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric sage_rtu_firmware *
CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
schneider-electric sage_rtu_firmware *
CVE-2024-37038

CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
schneider-electric sage_rtu_firmware *
CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
schneider-electric sage_rtu_firmware *
CVE-2024-37040

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
schneider-electric sage_rtu_firmware *
CVE-2024-5056

CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
schneider-electric bmxnoe0110_firmware *
schneider-electric modicon_m340_firmware *
schneider-electric bmxnoe0100_firmware *
CVE-2024-5313

CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts to perform a potential denial of service attack on the exposed SSH interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

Products Affected

Vendor Product Version
schneider-electric evlink_home_firmware 2.0.3.8.2_128
schneider-electric evlink_home_firmware 2.0.4.1.2_131
CVE-2024-5557

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
schneider-electric spacelogic_as-p_firmware *
schneider-electric spacelogic_as-b_firmware *
CVE-2024-5558

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
schneider-electric spacelogic_as-p_firmware *
schneider-electric spacelogic_as-b_firmware *
CVE-2024-5559

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2

Products Affected

Vendor Product Version
schneider-electric powerlogic_p5_firmware *
CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
schneider-electric sage_rtu_firmware *
CVE-2024-5679

CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
schneider-electric ecostruxure_foxboro_dcs_control_core_services *
CVE-2024-5680

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
schneider-electric ecostruxure_foxboro_dcs_control_core_services *
CVE-2024-5681

CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cybersecurity@se.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
schneider-electric ecostruxure_foxboro_dcs_control_core_services *
CVE-2024-6407

CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
schneider-electric whc-5918a_firmware *
CVE-2024-6528

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
schneider-electric modicon_m251_firmware *
schneider-electric modicon_m258_firmware *
schneider-electric modicon_lmc058_firmware *
schneider-electric modicon_m241_firmware *
schneider-electric modicon_m262_firmware *
CVE-2024-9409

CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@se.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
schneider-electric powerlogic_pm5341_firmware *
schneider-electric powerlogic_pm5320_firmware *
schneider-electric powerlogic_pm5340_firmware *
CVE-2025-13844

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_build_-_rapsody *
CVE-2025-13845

CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.

Products Affected

Vendor Product Version
schneider-electric ecostruxure_power_build_-_rapsody *