Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7521

Summary
Assigner-schneider
Assigner Org ID-076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At-31 Aug, 2020 | 16:10
Updated At-04 Aug, 2024 | 09:33
Rejected At-
Credits

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:schneider
Assigner Org ID:076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At:31 Aug, 2020 | 16:10
Updated At:04 Aug, 2024 | 09:33
Rejected At:
▼CVE Numbering Authority (CNA)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.

Affected Products
Vendor
n/a
Product
SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier
Versions
Affected
  • SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.se.com/ww/en/download/document/SEVD-2020-224-04/
x_refsource_MISC
Hyperlink: https://www.se.com/ww/en/download/document/SEVD-2020-224-04/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.se.com/ww/en/download/document/SEVD-2020-224-04/
x_refsource_MISC
x_transferred
Hyperlink: https://www.se.com/ww/en/download/document/SEVD-2020-224-04/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@se.com
Published At:31 Aug, 2020 | 17:15
Updated At:04 Sep, 2020 | 18:20

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Schneider Electric SE
schneider-electric
>>apc_easy_ups_online_software>>Versions up to 2.0(inclusive)
cpe:2.3:o:schneider-electric:apc_easy_ups_online_software:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarycybersecurity@se.com
CWE ID: CWE-22
Type: Primary
Source: cybersecurity@se.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.se.com/ww/en/download/document/SEVD-2020-224-04/cybersecurity@se.com
Vendor Advisory
Hyperlink: https://www.se.com/ww/en/download/document/SEVD-2020-224-04/
Source: cybersecurity@se.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1065Records found
CVE-2018-7841
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-59.14% / 98.15%
||
7 Day CHG+20.04%
Published-22 May, 2019 | 19:20
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-06||The impacted product is end-of-life and should be disconnected if still in use.

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.

Action-Not Available
Vendor-U.motionSchneider Electric SE
Product-u.motion_builderU.motion Builder software version 1.3.4U.motion Builder
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7847
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.22% / 78.28%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-287
Improper Authentication
CVE-2018-7229
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 66.57%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-7791
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 55.64%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 21:00
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this vulnerability and overwrite the password, the attacker can upload the original program from the PLC.

Action-Not Available
Vendor-
Product-modicon_m221_firmwaremodicon_m221Modicon M221, all references, all versions prior to firmware V1.6.2.0
CWE ID-CWE-287
Improper Authentication
CVE-2023-25550
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-2.76% / 85.43%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:36
Updated-12 Feb, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Action-Not Available
Vendor-Schneider Electric SE
Product-struxureware_data_center_expertStruxureWare Data Center Expert
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-25549
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-2.76% / 85.43%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:35
Updated-03 Mar, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Action-Not Available
Vendor-Schneider Electric SE
Product-struxureware_data_center_expertStruxureWare Data Center Expert
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-8352
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-2.50% / 84.72%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-connexium_firmwaretcsefec23f3f21tcsefec23fcf20tcsefec23f3f20tcsefec23fcf21tcsefec2cf3f20Schneider Electric ConneXium TCSEFEC2*
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-22768
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 68.18%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:40
Updated-03 Aug, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767

Action-Not Available
Vendor-n/a
Product-powerlogic_egx300_firmwarepowerlogic_egx100powerlogic_egx100_firmwarepowerlogic_egx300PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22765
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:40
Updated-03 Aug, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet

Action-Not Available
Vendor-n/a
Product-powerlogic_egx300_firmwarepowerlogic_egx100powerlogic_egx100_firmwarepowerlogic_egx300PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22802
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-7.12% / 91.17%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_system_data_collectorInteractive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-22737
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.11%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 00:00
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior that could cause unauthorized access of when credentials are discovered after a brute force attack.

Action-Not Available
Vendor-n/a
Product-homelynkspacelynk_firmwarehomelynk_firmwarespacelynkhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-22727
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.60% / 68.49%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 10:43
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to gain unauthorized access to the charging station web server

Action-Not Available
Vendor-n/a
Product-evlink_city_evc1s22p4evlink_parking_evf2evlink_parking_evf2_firmwareevlink_parking_ev.2_firmwareevlink_parking_evw2evlink_city_evc1s22p4_firmwareevlink_city_evc1s7p4_firmwareevlink_smart_wallbox_evb1a_firmwareevlink_smart_wallbox_evb1aevlink_parking_evw2_firmwareevlink_parking_ev.2evlink_city_evc1s7p4EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 )
CWE ID-CWE-331
Insufficient Entropy
CVE-2021-22801
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 73.85%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions)

Action-Not Available
Vendor-n/a
Product-connexium_network_managerConneXium Network Manager Software (All Versions)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7487
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.64%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 18:50
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.

Action-Not Available
Vendor-n/a
Product-modicon_m241_firmwaremodicon_m218ecostruxure_machine_expertsomachine_motionmodicon_m218_firmwaremodicon_m241somachinemodicon_m258modicon_m258_firmwaremodicon_m251_firmwaremodicon_m251EcoStruxure Machine Expert (all versions)SoMachine, SoMachine Motion (all versions)Modicon M218 Logic Controller (all versions)Modicon M241 Logic Controller (all versions)Modicon M251 Logic Controller (all versions)Modicon M258 Logic Controller (all versions)
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2020-7508
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.83%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:44
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (Firmware version 1.5.2 and older)
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-7489
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.73%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 18:15
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, could allow the transference of malicious code to the controller.

Action-Not Available
Vendor-n/a
Product-modicon_m200modicon_m100_firmwaremodicon_m221ecostruxure_machine_expertmodicon_m200_firmwaresomachine_basicmodicon_m221_firmwaremodicon_m100SoMachine Basic (all versions)EcoStruxure Machine Expert – Basic (all versions)Modicon M100 Logic Controller (all versions)Modicon M200 Logic Controller (all versions)Modicon M221 Logic Controller (all versions)
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-46680
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.11%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 13:25
Updated-21 Jan, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic.

Action-Not Available
Vendor-Schneider Electric SE
Product-powerlogic_ion8650powerlogic_ion9000_firmwarepowerlogic_ion9000powerlogic_pm8000powerlogic_pm8000_firmwarepowerlogic_ion7400_firmwarepowerlogic_ion8800_firmwarepowerlogic_ion8800powerlogic_ion7400powerlogic_ion8650_firmwarePowerLogic ION9000PowerLogic ION8800Legacy ION products PowerLogic PM8000PowerLogic ION7400PowerLogic ION8650
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-45788
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.23%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions)

Action-Not Available
Vendor-Schneider Electric SE
Product-modicon_m340_bmxp342030_firmwaremodicon_premium_tsxp57_454mmodicon_m340_bmxp3420302h_firmwaremodicon_premium_tsxp57_2834m_firmwaremodicon_premium_tsxp57_6634m_firmwaremodicon_m340_bmxp342020h_firmwaremodicon_m580_bmep583040_firmwaremodicon_m580_bmeh582040smodicon_quantum_140cpu65160_firmwaremodicon_m340_bmxp3420302_firmwaremodicon_m340_bmxp342010modicon_m580_bmeh584040smodicon_m580_bmep582020h_firmwaremodicon_m580_bmep584040s_firmwaremodicon_m580_bmep584040modicon_m340_bmxp342010_firmwaremodicon_m340_bmxp342020_firmwaremodicon_mc80_bmkc8020310_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m580_bmep582040h_firmwaremodicon_premium_tsxp57_454m_firmwaremodicon_quantum_140cpu65150modicon_m580_bmep584040_firmwaremodicon_momentum_171cbu78090_firmwaremodicon_m580_bmep584040smodicon_m580_bmeh582040cmodicon_m580_bmep583040ecostruxure_control_expertmodicon_m580_bmep582040modicon_m580_bmep585040modicon_premium_tsxp57_4634mmodicon_m580_bmep584020_firmwaremodicon_m580_bmeh584040modicon_m580_bmep585040c_firmwaremodicon_premium_tsxp57_2634m_firmwaremodicon_m580_bmeh584040_firmwaremodicon_momentum_171cbu78090modicon_premium_tsxp57_5634mmodicon_m580_bmep581020h_firmwaremodicon_m580_bmep584020modicon_mc80_bmkc8020301modicon_m580_bmeh584040s_firmwaremodicon_momentum_171cbu98090_firmwaremodicon_m580_bmep582040smodicon_premium_tsxp57_1634m_firmwaremodicon_m340_bmxp342020modicon_m340_bmxp342030hmodicon_m340_bmxp342020hmodicon_m580_bmeh586040cmodicon_m580_bmep582020_firmwaremodicon_momentum_171cbu98091modicon_m340_bmxp342000_firmwaremodicon_m580_bmep581020hmodicon_m580_bmeh586040_firmwaremodicon_m580_bmeh584040cmodicon_m340_bmxp342030modicon_m580_bmeh586040c_firmwaremodicon_m580_bmep586040_firmwaremodicon_m580_bmeh582040_firmwaremodicon_quantum_140cpu65150c_firmwaremodicon_m580_bmep582040_firmwaremodicon_m580_bmeh582040modicon_quantum_140cpu65160c_firmwaremodicon_mc80_bmkc8030311modicon_quantum_140cpu65160modicon_momentum_171cbu98090modicon_premium_tsxp57_1634mmodicon_m580_bmeh582040c_firmwaremodicon_m580_bmep583020modicon_m580_bmeh586040s_firmwaremodicon_m580_bmeh586040smodicon_m580_bmep586040modicon_premium_tsxp57_2634mmodicon_m340_bmxp342000modicon_m580_bmeh586040modicon_m580_bmep583020_firmwaremodicon_premium_tsxp57_5634m_firmwaremodicon_premium_tsxp57_554m_firmwaremodicon_m340_bmxp341000modicon_mc80_bmkc8020310modicon_m580_bmep582020modicon_quantum_140cpu65160cmodicon_m580_bmeh584040c_firmwaremodicon_quantum_140cpu65150_firmwaremodicon_momentum_171cbu98091_firmwaremodicon_quantum_140cpu65150cmodicon_m340_bmxp3420302hmodicon_m580_bmep585040cmodicon_mc80_bmkc8030311_firmwaremodicon_m580_bmep582040hmodicon_m340_bmxp3420302modicon_premium_tsxp57_554mmodicon_m580_bmep582040s_firmwaremodicon_premium_tsxp57_2834mmodicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwaremodicon_mc80_bmkc8020301_firmwareecostruxure_process_expertmodicon_m580_bmep581020modicon_m580_bmep586040cmodicon_premium_tsxp57_4634m_firmwaremodicon_m340_bmxp342030h_firmwaremodicon_m580_bmep582020hmodicon_m580_bmep586040c_firmwaremodicon_m340_bmxp3420102modicon_m580_bmeh582040s_firmwaremodicon_premium_tsxp57_6634mModicon MC80 (BMKC80)Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*)Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)Modicon M340 CPU (part numbers BMXP34*)Modicon Momentum Unity M1E Processor (171CBU*)EcoStruxure Control Expert Modicon M580 CPU (part numbers BMEP* and BMEH*) EcoStruxure Process Expert
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2016-5818
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.53%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-powerlogic_pm8eccpowerlogic_pm8ecc_firmwareSchneider Electric PowerLogic 2.651 and older
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2016-5815
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.19% / 77.92%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-ion7300ion7600ion7500ion5000ion8650ion8800Schneider Electric IONXXXX Series Power Meter Vulnerabilities
CWE ID-CWE-284
Improper Access Control
CVE-2022-45789
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.1||HIGH
EPSS-0.06% / 17.56%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions)

Action-Not Available
Vendor-Schneider Electric SE
Product-modicon_m340_bmxp342030_firmwaremodicon_m340_bmxp3420302h_firmwaremodicon_m340_bmxp342020h_firmwaremodicon_m580_bmep583040_firmwaremodicon_m580_bmeh582040smodicon_m340_bmxp3420302_firmwaremodicon_m340_bmxp342010modicon_m580_bmeh584040smodicon_m580_bmep582020h_firmwaremodicon_m580_bmep584040s_firmwaremodicon_m580_bmep584040modicon_m340_bmxp342010_firmwaremodicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m580_bmep582040h_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep584040smodicon_m580_bmeh582040cmodicon_m580_bmep583040ecostruxure_control_expertmodicon_m580_bmep582040modicon_m580_bmep584020_firmwaremodicon_m580_bmep585040modicon_m580_bmep585040c_firmwaremodicon_m580_bmeh584040modicon_m580_bmeh584040_firmwaremodicon_m580_bmep581020h_firmwaremodicon_m580_bmep584020modicon_m580_bmeh584040s_firmwaremodicon_m340_bmxp342020modicon_m580_bmep582040smodicon_m340_bmxp342030hmodicon_m340_bmxp342020hmodicon_m580_bmep582020_firmwaremodicon_m580_bmeh586040cmodicon_m340_bmxp342000_firmwaremodicon_m580_bmep581020hmodicon_m580_bmeh586040_firmwaremodicon_m580_bmeh584040cmodicon_m340_bmxp342030modicon_m580_bmeh586040c_firmwaremodicon_m580_bmeh582040_firmwaremodicon_m580_bmep586040_firmwaremodicon_m580_bmep582040_firmwaremodicon_m580_bmeh582040modicon_m580_bmeh582040c_firmwaremodicon_m580_bmep583020modicon_m580_bmeh586040s_firmwaremodicon_m580_bmeh586040smodicon_m580_bmep586040modicon_m340_bmxp342000modicon_m580_bmeh586040modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp341000modicon_m580_bmeh584040c_firmwaremodicon_m340_bmxp3420302hmodicon_m580_bmep585040cmodicon_m580_bmep582040hmodicon_m340_bmxp3420302modicon_m580_bmep582040s_firmwaremodicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwareecostruxure_process_expertmodicon_m580_bmep581020modicon_m580_bmep586040cmodicon_m340_bmxp342030h_firmwaremodicon_m580_bmep582020hmodicon_m580_bmep586040c_firmwaremodicon_m340_bmxp3420102modicon_m580_bmeh582040s_firmwareModicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)Modicon M340 CPU (part numbers BMXP34*)EcoStruxure Control Expert Modicon M580 CPU (part numbers BMEP* and BMEH*) EcoStruxure Process Expert
CWE ID-CWE-294
Authentication Bypass by Capture-replay
CVE-2016-4529
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.3||HIGH
EPSS-2.86% / 85.72%
||
7 Day CHG~0.00%
Published-15 Jul, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-somachine_hvac_firmwarem171m172n/a
CVE-2022-42970
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.82%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-05 Feb, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

Action-Not Available
Vendor-Microsoft CorporationSchneider Electric SE
Product-windows_server_2016apc_easy_ups_online_monitoring_softwareeasy_ups_online_monitoring_softwarewindows_7windows_11windows_10windows_server_2022windows_server_2019Schneider Electric Easy UPS Online Monitoring SoftwareAPC Easy UPS Online Monitoring Software
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-42971
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-3.22% / 86.55%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-05 Feb, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

Action-Not Available
Vendor-Microsoft CorporationSchneider Electric SE
Product-windows_server_2016apc_easy_ups_online_monitoring_softwareeasy_ups_online_monitoring_softwarewindows_7windows_11windows_10windows_server_2022windows_server_2019Schneider Electric Easy UPS Online Monitoring SoftwareAPC Easy UPS Online Monitoring Software
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-28212
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.40% / 79.63%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:03
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

Action-Not Available
Vendor-n/a
Product-ecostruxure_control_expertPLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-37300
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.86%
||
7 Day CHG~0.00%
Published-12 Sep, 2022 | 17:40
Updated-03 Aug, 2024 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).

Action-Not Available
Vendor-
Product-modicon_m340_bmxp342030_firmwaremodicon_m340_bmxp3420302h_firmwaremodicon_m340_bmxp342020h_firmwaremodicon_m580_bmep583040_firmwaremodicon_m580_bmeh582040smodicon_m340_bmxp3420302_firmwaremodicon_m340_bmxp342010modicon_m580_bmeh584040smodicon_m580_bmep582020h_firmwaremodicon_m580_bmep584040s_firmwaremodicon_m580_bmep584040modicon_m340_bmxp342010_firmwaremodicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m580_bmep582040h_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep584040smodicon_m580_bmeh582040cmodicon_m580_bmep583040ecostruxure_control_expertmodicon_m580_bmep582040modicon_m580_bmep584020_firmwaremodicon_m580_bmeh584040modicon_m580_bmep585040modicon_m580_bmep585040c_firmwaremodicon_m580_bmeh584040_firmwaremodicon_m580_bmep581020h_firmwaremodicon_m580_bmep584020modicon_m580_bmeh584040s_firmwaremodicon_m340_bmxp342020modicon_m340_bmxp342030hmodicon_m340_bmxp342020hmodicon_m580_bmeh586040cmodicon_m580_bmep582020_firmwaremodicon_m340_bmxp342000_firmwaremodicon_m580_bmeh586040_firmwaremodicon_m580_bmep581020hmodicon_m580_bmeh584040cmodicon_m340_bmxp342030modicon_m580_bmeh586040c_firmwaremodicon_m580_bmep586040_firmwaremodicon_m580_bmeh582040_firmwaremodicon_m580_bmep582040_firmwaremodicon_m580_bmeh582040modicon_m580_bmeh582040c_firmwaremodicon_m580_bmep583020modicon_m580_bmeh586040s_firmwaremodicon_m580_bmeh586040smodicon_m580_bmep586040modicon_m340_bmxp342000modicon_m580_bmeh586040modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp341000modicon_m580_bmeh584040c_firmwaremodicon_m340_bmxp3420302hmodicon_m580_bmep585040cmodicon_m580_bmep582040hmodicon_m340_bmxp3420302modicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwareecostruxure_process_expertmodicon_m580_bmep581020modicon_m580_bmep586040cmodicon_m340_bmxp342030h_firmwaremodicon_m580_bmep582020hmodicon_m580_bmep586040c_firmwaremodicon_m340_bmxp3420102modicon_m580_bmeh582040s_firmwareEcoStruxure Control ExpertEcoStruxure Process ExpertModicon M340 CPUModicon M580 CPU
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2022-22810
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 52.94%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

Action-Not Available
Vendor-n/a
Product-fellerlynkwiser_for_knxspacelynkwiser_for_knx_firmwarefellerlynk_firmwarespacelynk_firmwarespaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-34756
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-1.87% / 82.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:10
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)

Action-Not Available
Vendor-
Product-easergy_p5_firmwareeasergy_p5Easergy P5
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-10575
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-10||CRITICAL
EPSS-0.26% / 48.92%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 04:35
Updated-19 Nov, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.

Action-Not Available
Vendor-
Product-ecostruxure_it_gatewayEcoStruxure IT Gatewayecostruxure_it_gateway
CWE ID-CWE-862
Missing Authorization
CVE-2022-32513
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 40.21%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)

Action-Not Available
Vendor-Schneider Electric SE
Product-5500ac2_firmware5500shaclss5500nac5500ac2lss5500shaclss5500nac_firmwarelss5500shac_firmware5500nac_firmware5500nac5500nac25500shac_firmware5500nac2_firmwareClipsal C-Bus Network Automation Controller, 5500NACSpaceLogic C-Bus Network Automation Controller, 5500NAC2Clipsal Wiser for C-Bus Automation Controller, 5500SHACWiser for C-Bus Automation Controller, LSS5500SHACSpaceLogic C-Bus Application Controller, 5500AC2C-Bus Network Automation Controller, LSS5500NAC
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-32523
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-4.42% / 88.59%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Action-Not Available
Vendor-Schneider Electric SE
Product-interactive_graphical_scada_systemIGSS Data Server (IGSSdataServer.exe)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32522
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-3.78% / 87.60%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Action-Not Available
Vendor-Schneider Electric SE
Product-interactive_graphical_scada_systemIGSS Data Server (IGSSdataServer.exe)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32526
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Action-Not Available
Vendor-Schneider Electric SE
Product-interactive_graphical_scada_systemIGSS Data Server (IGSSdataServer.exe)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32519
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8||HIGH
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Action-Not Available
Vendor-Schneider Electric SE
Product-data_center_expertData Center Expert
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-32527
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Action-Not Available
Vendor-Schneider Electric SE
Product-interactive_graphical_scada_systemIGSS Data Server (IGSSdataServer.exe)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32525
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Action-Not Available
Vendor-Schneider Electric SE
Product-interactive_graphical_scada_systemIGSS Data Server (IGSSdataServer.exe)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32524
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-4.42% / 88.59%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Action-Not Available
Vendor-Schneider Electric SE
Product-interactive_graphical_scada_systemIGSS Data Server (IGSSdataServer.exe)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32529
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-4.42% / 88.59%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)

Action-Not Available
Vendor-Schneider Electric SE
Product-interactive_graphical_scada_systemIGSS Data Server (IGSSdataServer.exe)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-32520
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8||HIGH
EPSS-0.16% / 37.70%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Action-Not Available
Vendor-Schneider Electric SE
Product-data_center_expertData Center Expert
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-32518
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8||HIGH
EPSS-0.16% / 37.70%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0)

Action-Not Available
Vendor-Schneider Electric SE
Product-data_center_expertData Center Expert
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-1126
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.30% / 52.96%
||
7 Day CHG~0.00%
Published-23 May, 2018 | 13:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

Action-Not Available
Vendor-procps-ng_project[UNKNOWN]Canonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxprocps-ngenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_server_tusenterprise_linux_desktopstruxureware_data_center_expertprocps-ng, procps
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-28215
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.99% / 75.92%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:51
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, including information exposures, denial of service, and arbitrary code execution when access control checks are not applied consistently.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (firmware 2.7 and older)
CWE ID-CWE-862
Missing Authorization
CVE-2020-28221
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.92% / 75.07%
||
7 Day CHG~0.00%
Published-25 Jan, 2021 | 17:08
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI.

Action-Not Available
Vendor-n/a
Product-st-6400wasp-5600tpsp-5700wcst-6700wahmist6400pro-face_bluehmi_sto_501hmist6200hmi_sto_512st-6500wahmig3xsp-5800wcst-6200wast-6600wasp-5b10hmi_sto_511hmi_sto_531hmist6700hmist6500gp-4105gsp-5600wagp-4106ghmig5u2ecostruxure_operator_terminal_expertgp-4106wsp-5660tphmig5usp-5400wagp-4105whmi_sto_532gp-4107wgp-4104gsp-5b00sp-5500tphmist6600sp-5500wahmig3usp-5700tpsp-5b41gp-4107gsp-5600tagp-4104wEcoStruxure™ Operator Terminal Expert 3.1 Service Pack 1A and prior running on Harmony HMIs HMIST6 Series, HMIG3U in HMIGTU Series, HMISTO Series and Pro-face BLUE 3.1 Service Pack 1A and prior running on Pro-face HMIs: ST6000 Series, SP-5B41 in SP5000 Series, GP4100 Series
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9957
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.42%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.

Action-Not Available
Vendor-Schneider Electric SE
Product-u.motion_builderU.Motion
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-9956
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.3||HIGH
EPSS-0.49% / 64.37%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass

Action-Not Available
Vendor-Schneider Electric SE
Product-u.motion_builderU.Motion
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-30234
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.4||CRITICAL
EPSS-0.47% / 63.58%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 22:45
Updated-16 Sep, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

Action-Not Available
Vendor-
Product-wiser_smart_eer21000wiser_smart_eer21001_firmwarewiser_smart_eer21000_firmwarewiser_smart_eer21001Wiser Smart
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-30238
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.3||HIGH
EPSS-0.26% / 48.89%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 22:45
Updated-17 Sep, 2024 | 03:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

Action-Not Available
Vendor-
Product-wiser_smart_eer21000wiser_smart_eer21001_firmwarewiser_smart_eer21000_firmwarewiser_smart_eer21001Wiser Smart
CWE ID-CWE-287
Improper Authentication
CVE-2022-30235
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.6||HIGH
EPSS-0.34% / 55.82%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 22:45
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)

Action-Not Available
Vendor-
Product-wiser_smart_eer21000wiser_smart_eer21001_firmwarewiser_smart_eer21000_firmwarewiser_smart_eer21001Wiser Smart
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-32514
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.73%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2 (Versions prior to V1.10.0)

Action-Not Available
Vendor-Schneider Electric SE
Product-5500ac2_firmware5500shaclss5500nac5500ac2lss5500shaclss5500nac_firmwarelss5500shac_firmware5500nac_firmware5500nac5500nac25500shac_firmware5500nac2_firmwareClipsal C-Bus Network Automation Controller, 5500NACSpaceLogic C-Bus Network Automation Controller, 5500NAC2Clipsal Wiser for C-Bus Automation Controller, 5500SHACWiser for C-Bus Automation Controller, LSS5500SHACSpaceLogic C-Bus Application Controller, 5500AC2C-Bus Network Automation Controller, LSS5500NAC
CWE ID-CWE-287
Improper Authentication
CVE-2018-7238
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-2.73% / 85.38%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exist in the web-based GUI of Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to execute arbitrary code.

Action-Not Available
Vendor-
Product-imp519-1er_firmwareibp319-1erimp319-1erimps110-1eibp519-1er_firmwareimp1110-1er_firmwareimps110-1eribp1110-1erimp519-1_firmwareimp519-1ibps110-1er_firmwareimp219-1_firmwareimp319-1_firmwareimps110-1er_firmwareimp219-1erimp319-1mps110-1ibp319-1er_firmwareimp319-1er_firmwareimps110-1e_firmwareimp219-1e_firmwareimp219-1eibp219-1erimp1110-1e_firmwareimp1110-1_firmwareimp519-1eimp319-1e_firmwareimp1110-1erimp219-1ibp219-1er_firmwareimp519-1erimp1110-1eimp319-1eibp1110-1er_firmwareibps110-1erimp219-1er_firmwareimp519-1e_firmwareimp1110-1ibp519-1ermps110-1_firmwarePelco Sarix Professional
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 21
  • 22
  • Next
Details not found