Filtered by vendor Schneider-electric
Subscriptions
Total
795 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0658 | 1 Schneider-electric | 1 Accutech Manager | 2025-04-11 | N/A |
| Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. | ||||
| CVE-2011-4860 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2025-04-11 | N/A |
| The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. | ||||
| CVE-2011-4859 | 1 Schneider-electric | 21 M340 Ethernet Module Bmxnoe0100, M340 Ethernet Module Bmxnoe0110, M340 Ethernet Module Bmxp342020 and 18 more | 2025-04-11 | N/A |
| The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port. | ||||
| CVE-2011-4034 | 1 Schneider-electric | 3 Citecthistorian, Citectscada Reports, Vijeo Historian | 2025-04-11 | N/A |
| Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | ||||
| CVE-2013-2782 | 1 Schneider-electric | 2 Tburjr900, Tburjr900 Firmware | 2025-04-11 | N/A |
| Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | ||||
| CVE-2011-4036 | 1 Schneider-electric | 3 Citecthistorian, Citectscada Reports, Vijeo Historian | 2025-04-11 | N/A |
| Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2012-1990 | 1 Schneider-electric | 2 Kerweb, Kerwin | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields. | ||||
| CVE-2013-2762 | 1 Schneider-electric | 1 Magelis Xbt Hmi | 2025-04-11 | N/A |
| The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | ||||
| CVE-2013-0687 | 1 Schneider-electric | 1 Micom S1 Studio | 2025-04-11 | N/A |
| The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. | ||||
| CVE-2011-3330 | 1 Schneider-electric | 6 Monitor Pro, Opc Factory Server, Pl7 Pro and 3 more | 2025-04-11 | N/A |
| Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter. | ||||
| CVE-2013-0663 | 1 Schneider-electric | 3 Modicon M340, Modicon Premium, Modicon Quantum Plc | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. | ||||
| CVE-2013-0657 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2025-04-11 | N/A |
| Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol. | ||||
| CVE-2012-0930 | 1 Schneider-electric | 1 Modicon Quantum Plc | 2025-04-11 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-3143 | 2 Aveva, Schneider-electric | 3 Clearscada, Scx 67, Scx 68 | 2025-04-11 | N/A |
| Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption. | ||||
| CVE-2012-0929 | 1 Schneider-electric | 1 Modicon Quantum Plc | 2025-04-11 | 7.5 High |
| Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server. | ||||
| CVE-2011-5163 | 2 Mitsubishi-automation, Schneider-electric | 2 Mx4 Scada, Citectscada | 2025-04-11 | N/A |
| Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence. | ||||
| CVE-2011-4861 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2025-04-11 | N/A |
| The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502. | ||||
| CVE-2011-4035 | 1 Schneider-electric | 3 Citecthistorian, Citectscada Reports, Vijeo Historian | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-4033 | 1 Schneider-electric | 3 Citecthistorian, Citectscada Reports, Vijeo Historian | 2025-04-11 | N/A |
| Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2013-3075 | 2 Mitsubishi-automation, Schneider-electric | 3 Mitsubishi Mx Component, Citectfacilities, Citectscada | 2025-04-11 | N/A |
| Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control. | ||||