Search Results (810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4529 1 Schneider-electric 3 M171, M172, Somachine Hvac Firmware 2025-04-12 7.3 High
An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
CVE-2014-9206 1 Schneider-electric 1 Device Type Manager 2025-04-12 N/A
Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file.
CVE-2015-0998 2 Aveva, Schneider-electric 2 Aveva Edge, Wonderware Intouch 2014 2025-04-12 N/A
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-0997 2 Aveva, Schneider-electric 2 Aveva Edge, Wonderware Intouch 2014 2025-04-12 N/A
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack.
CVE-2015-7918 1 Schneider-electric 1 Proclima 2025-04-12 N/A
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561.
CVE-2016-4513 1 Schneider-electric 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7937 1 Schneider-electric 13 Bmxnoc0401, Bmxnoe0100, Bmxnoe0100h and 10 more 2025-04-12 N/A
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.
CVE-2013-0657 1 Schneider-electric 1 Interactive Graphical Scada System 2025-04-11 N/A
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
CVE-2012-0930 1 Schneider-electric 1 Modicon Quantum Plc 2025-04-11 6.1 Medium
Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4035 1 Schneider-electric 3 Citecthistorian, Citectscada Reports, Vijeo Historian 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2761 1 Schneider-electric 1 Modicon M340 2025-04-11 N/A
The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client.
CVE-2013-2796 1 Schneider-electric 3 Citectscada, Powerlogic Scada, Vijeo Citect 2025-04-11 N/A
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-6143 1 Schneider-electric 1 Telvent Sage 3030 Firmware 2025-04-11 N/A
The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-001D3_P4 and C3413-500-001F0_PB allows remote attackers to cause a denial of service (temporary outage and CPU consumption) via malformed DNP3 traffic.
CVE-2013-0663 1 Schneider-electric 3 Modicon M340, Modicon Premium, Modicon Quantum Plc 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
CVE-2013-2782 1 Schneider-electric 2 Tburjr900, Tburjr900 Firmware 2025-04-11 N/A
Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2012-1990 1 Schneider-electric 2 Kerweb, Kerwin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
CVE-2013-0655 1 Schneider-electric 1 Software Update Utility 2025-04-11 N/A
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80.
CVE-2011-5163 2 Mitsubishi-automation, Schneider-electric 2 Mx4 Scada, Citectscada 2025-04-11 N/A
Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence.
CVE-2011-4036 1 Schneider-electric 3 Citecthistorian, Citectscada Reports, Vijeo Historian 2025-04-11 N/A
Directory traversal vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-0687 1 Schneider-electric 1 Micom S1 Studio 2025-04-11 N/A
The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file.