| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. |
| Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. |
| Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file. |
| Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers. |
| Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. |
| Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. |
| Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. |
| Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HART reply. |
| Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. |
| Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors. |
| Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. |
| An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. |
| Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors. |
| Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol. |
| Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via unspecified vectors. |
