MidnightBSD

Advisories for schneider_electric

CVE-2013-0662 HIGH

Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
schneider-electric somachine 3.0
schneider-electric sft2841 13.1
schneider-electric opc_factory_server 3.34
schneider_electric somachine 3.0
schneider-electric opc_factory_server 3.35
schneider-electric somachine 2.0
schneider-electric opc_factory_server *
schneider-electric powersuite *
schneider-electric concept *
schneider-electric sft2841 *
schneider-electric somove *
schneider-electric modbus_serial_driver 2.2
schneider-electric pl7 *
schneider-electric modbus_serial_driver 1.10
schneider-electric modbuscommdtm_sl *
schneider-electric modbus_serial_driver 3.2
schneider-electric twidosuite *
schneider-electric unity_pro *
schneider-electric somachine *
schneider-electric unity_pro 6.0
schneider-electric unityloader *
CVE-2014-8512 HIGH

Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8511. NOTE: this may be clarified later based on details provided by researchers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider_electric proclima *
CVE-2014-8513 HIGH

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8514 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider_electric proclima *
CVE-2014-8514 HIGH

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
schneider_electric proclima *
CVE-2014-9188 HIGH

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-119,

Products Affected

Vendor Product Version
schneider_electric proclima *
CVE-2017-5157 MEDIUM

An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
schneider_electric homelynk_controller_lss100100_firmware 1.3.0