Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-27981

Summary
Assigner-schneider
Assigner Org ID-076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At-21 Mar, 2023 | 00:00
Updated At-05 Feb, 2025 | 20:05
Rejected At-
Credits

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:schneider
Assigner Org ID:076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At:21 Mar, 2023 | 00:00
Updated At:05 Feb, 2025 | 20:05
Rejected At:
▼CVE Numbering Authority (CNA)

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Affected Products
Vendor
Schneider Electric SESchneider Electric
Product
IGSS Data Server(IGSSdataServer.exe)
Versions
Affected
  • From V through 16.0.0.23040 (custom)
Vendor
Schneider Electric SESchneider Electric
Product
IGSS Dashboard (DashBoard.exe)
Versions
Affected
  • From V through 16.0.0.23040 (custom)
Vendor
Schneider Electric SESchneider Electric
Product
Custom Reports (RMS16.dll)
Versions
Affected
  • From V through 16.0.0.23040 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Type: CWE
CWE ID: CWE-22
Description: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf
N/A
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf
x_transferred
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@se.com
Published At:21 Mar, 2023 | 10:15
Updated At:24 Mar, 2023 | 17:15

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Schneider Electric SE
schneider-electric
>>custom_reports>>Versions up to 16.0.0.23040(inclusive)
cpe:2.3:a:schneider-electric:custom_reports:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>igss_dashboard>>Versions up to 16.0.0.23040(inclusive)
cpe:2.3:a:schneider-electric:igss_dashboard:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>igss_data_server>>Versions up to 16.0.0.23040(inclusive)
cpe:2.3:a:schneider-electric:igss_data_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarycybersecurity@se.com
CWE ID: CWE-22
Type: Primary
Source: cybersecurity@se.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdfcybersecurity@se.com
Patch
Vendor Advisory
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-073-04.pdf
Source: cybersecurity@se.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

241Records found
CVE-2020-7555
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.21%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:08
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_systemIGSS Definition (Def.exe) version 14.0.0.20247 and prior
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7550
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.21%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:06
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_systemIGSS Definition (Def.exe) version 14.0.0.20247 and prior
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-7474
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.85%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 18:53
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL.

Action-Not Available
Vendor-n/a
Product-pmepxm0100_prosoft_configuratorProSoft Configurator v1.002 and prior, for the PMEPXM0100 (H) module
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-7493
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.08%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:10
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

Action-Not Available
Vendor-n/a
Product-ecostruxure_operator_terminal_expertEcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-7531
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:40
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user.

Action-Not Available
Vendor-n/a
Product-scadapack_7x_remote_connectSCADAPack 7x Remote Connect V3.6.3.574 and prior.
CWE ID-CWE-284
Improper Access Control
CVE-2020-7534
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)

Action-Not Available
Vendor-n/a
Product-tsxety4103tsxety5103140cpu65_firmware140noc78000_firmwarebmxnoc0401_firmware140noc78000140noe77111bmxnoe01_firmwarebmxnor0200hmodicon_m340_bmxp342020140cpu65tsxp57tsxety4103_firmwarebmxnoc0401140noe77111_firmwaremodicon_m340_bmxp342020_firmwarebmxnor0200h_firmwarebmxnoe01tsxp57_firmwaretsxety5103_firmwareModicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7553
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.21%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:07
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_systemIGSS Definition (Def.exe) version 14.0.0.20247 and prior
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7532
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.54%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:40
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator (V1.2.0 and prior) which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer.

Action-Not Available
Vendor-n/a
Product-scadapack_x70_security_administratorSCADAPack x70 Security Administrator V1.2.0 and prior.
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-25178
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.64%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 18:00
Updated-16 Apr, 2025 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.

Action-Not Available
Vendor-xylemRockwell Automation, Inc.
Product-micro850saitel_dpmultismart_firmwareisagraf_runtimeeasergy_t300epas_gtwmicro820pacis_gtw_firmwaremicro830micro830_firmwaremicro870_firmwaremicro820_firmwaremicro870easergy_c5_firmwaresaitel_drmicro850_firmwarepacis_gtwsaitel_dr_firmwarecp-3saitel_dp_firmwareisagraf_free_runtimeepas_gtw_firmwareeasergy_c5micom_c264mc-31aadvance_controllermicom_c264_firmwarescd2200_firmwareeasergy_t300_firmwaremicro810micro810_firmwareISaGRAF Runtime
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-6825
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.49% / 64.59%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 20:45
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.

Action-Not Available
Vendor-Schneider Electric SE
Product-proclimaProClima all versions prior to version 8.0.0
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-6822
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-3.52% / 87.16%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 20:46
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.

Action-Not Available
Vendor-
Product-zelio_soft_2Zelio Soft 2 V5.2 and prior
CWE ID-CWE-416
Use After Free
CVE-2023-27980
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-2.12% / 83.45%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 00:00
Updated-05 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior)

Action-Not Available
Vendor-Schneider Electric SE
Product-custom_reportsigss_dashboardigss_data_serverIGSS Dashboard (DashBoard.exe)IGSS Data Server(IGSSdataServer.exe)Custom Reports (RMS16.dll)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-6826
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.77%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:57
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.

Action-Not Available
Vendor-
Product-somachine_hvacSoMachine HVAC
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-6858
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.59%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 13:59
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL.

Action-Not Available
Vendor-n/a
Product-msx_configuratorMSX Configurator (Software Version prior to V1.0.8.1)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-6834
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.3||HIGH
EPSS-0.28% / 51.32%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 16:25
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)

Action-Not Available
Vendor-
Product-software_updateSoftware Update (SESU) – SUT Service component
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-28003
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 47.99%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:43
Updated-05 Feb, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_power_monitoring_expertEcoStruxure Power Monitoring Expert
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-32530
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 34.95%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 13:00
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior)

Action-Not Available
Vendor-
Product-geo_scada_mobileGeo SCADA Mobile
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2025-2222
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.2||HIGH
EPSS-0.04% / 12.99%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 10:12
Updated-09 Apr, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle attack.

Action-Not Available
Vendor-Schneider Electric SE
Product-ConneXium Network Manager
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2025-2223
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.4||HIGH
EPSS-0.04% / 9.70%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 10:16
Updated-09 Apr, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system.

Action-Not Available
Vendor-Schneider Electric SE
Product-ConneXium Network Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2024-8422
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.85%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 10:09
Updated-16 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file.

Action-Not Available
Vendor-
Product-zelio_soft_2Zelio Soft 2zelio_soft_2
CWE ID-CWE-416
Use After Free
CVE-2018-7801
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-16.84% / 94.69%
||
7 Day CHG-4.45%
Published-24 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.

Action-Not Available
Vendor-
Product-evlink_parkingevlink_parking_firmwareEVLink Parking v3.2.0-12_v1 and earlier
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-22727
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.84% / 73.79%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior)

Action-Not Available
Vendor-n/a
Product-ecostruxure_power_monitoring_expertEcoStruxure Power Monitoring Expert (Versions 2020 and prior)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22827
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.60%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions

Action-Not Available
Vendor-n/a
Product-ecostruxure_power_monitoring_expertn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22724
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.73%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2)

Action-Not Available
Vendor-n/a
Product-evb1a_firmwareevb1aevp2peevc1s7p4evc1s22p4evc1s7p4_firmwareevf2_firmwareevw2_firmwareevp2pe_firmwareevc1s22p4_firmwareevf2evw2n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7490
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.90%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 18:48
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.

Action-Not Available
Vendor-n/a
Product-vijeo_designerVijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior)
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-7556
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.21%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:08
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_systemIGSS Definition (Def.exe) version 14.0.0.20247 and prior
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7528
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.27%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:39
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.

Action-Not Available
Vendor-n/a
Product-scadapack_7x_remote_connectSCADAPack 7x Remote Connect V3.6.3.574 and prior.
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-7503
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.31%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:42
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (Firmware version 1.5.2 and older)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7476
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.58%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 19:01
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path.

Action-Not Available
Vendor-n/a
Product-ulti_zigbee_installation_toolkitZigBee Installation Toolkit (Versions prior to 1.0.1)
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-6827
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.42%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 20:47
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated.

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_systemInteractive Graphical SCADA System (IGSS) Version 14 and prior
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24311
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-3.70% / 87.48%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_system_data_serverInteractive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-24312
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.75% / 81.81%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_system_data_serverInteractive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22719
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-15.63% / 94.44%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:32
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded.

Action-Not Available
Vendor-n/a
Product-c-bus_toolkitC-Bus Toolkit V1.15.7 and prior
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-22731
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.63%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_power_commissionEcoStruxure Power Commission
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22736
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.35%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:19
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded.

Action-Not Available
Vendor-n/a
Product-homelynkspacelynk_firmwarehomelynk_firmwarespacelynkhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-37037
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-8.1||HIGH
EPSS-1.18% / 77.87%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 16:50
Updated-02 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.

Action-Not Available
Vendor-
Product-sage_4400sage_1410sage_3030_magnumsage_2400sage_rtu_firmwaresage_1450sage_1430Sage 4400Sage 1450Sage 1410Sage 3030 MagnumSage 1430Sage 2400sage_4400
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-41667
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-7||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 00:00
Updated-02 May, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_operator_terminal_expertpro-face_bluePro-face BLUEEcoStruxure Operator Terminal Expert
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-41670
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-7||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_operator_terminal_expertpro-face_blueEcoStruxure Operator Terminal ExpertPro-face BLUE
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34762
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 60.05%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:10
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Action-Not Available
Vendor-
Product-opc_ua_module_for_m580opc_ua_module_for_m580_firmwarex80_advanced_rtu_module_firmwarex80_advanced_rtu_moduleOPC UA Modicon Communication ModuleX80 advanced RTU Communication Module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6407
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.06%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 05:02
Updated-02 Aug, 2024 | 08:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507easy_ups_online_monitoring_softwarewindows_11_21h2windows_server_2022windows_server_2019Easy UPS Online Monitoring Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-6032
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.85%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 03:54
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.

Action-Not Available
Vendor-
Product-galaxy_vl_firmwaregalaxy_vsgalaxy_vs_firmwaregalaxy_vlGalaxy VSGalaxy VL
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-3940
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 14.52%
||
7 Day CHG~0.00%
Published-04 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-wonderware_system_platform_2014n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-5399
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-25.06% / 95.96%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 18:07
Updated-27 Feb, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause tampering of files on the personal computer running C-Bus when using the File Command.

Action-Not Available
Vendor-Schneider Electric SE
Product-spacelogic_c-bus_toolkitC-Bus Toolkit
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22804
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.57%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_system_data_collectorInteractive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22717
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-17.68% / 94.85%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:31
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files.

Action-Not Available
Vendor-n/a
Product-c-bus_toolkitC-Bus Toolkit V1.15.7 and prior
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22720
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-7.2||HIGH
EPSS-12.00% / 93.51%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:32
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project.

Action-Not Available
Vendor-n/a
Product-c-bus_toolkitC-Bus Toolkit V1.15.7 and prior
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22794
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.1||CRITICAL
EPSS-3.73% / 87.53%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 16:25
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)

Action-Not Available
Vendor-
Product-struxureware_data_center_expertStruxureWare Data Center Expert
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22704
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-9.1||CRITICAL
EPSS-0.60% / 68.51%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:53
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0) that could cause a Denial of Service or unauthorized access to system information when connecting to the Harmony HMI over FTP.

Action-Not Available
Vendor-n/a
Product-harmony_gkvijeo_designerharmony_scuecostruxure_machine_expertharmony_stuharmony_gtuharmony_gxuharmony_gtoharmony_stoharmony_gtuxHarmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Basic (all versions prior to V1.2), or EcoStruxure Machine Expert (all versions prior to V2.0)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22748
Matching Score-6
Assigner-Schneider Electric
ShareView Details
Matching Score-6
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-3.80% / 87.63%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)

Action-Not Available
Vendor-n/a
Product-c-bus_toolkitC-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-0754
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||HIGH
EPSS-2.25% / 83.92%
||
7 Day CHG-3.15%
Published-03 Oct, 2014 | 18:00
Updated-26 Aug, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Schneider Electric

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.

Action-Not Available
Vendor-Schneider Electric SE
Product-tsxety4103_firmwaretsxp572634mtsxp573623mctsxety5103_firmwaretsxp575634mtsxety110wsc171ccc96020c171ccc96020_firmwaretsxety4103cstbnip2212_firmwaremodicon_m340_bmxp3420302tsxwmy100c_firmwaremodicon_m340_bmxnoe0110h_firmware171ccc96020modicon_m340_bmxnor0200hmodicon_m340_bmxp342030htsxety5103ctsxetz410tsxp571634m_firmwaretsxp573623mc_firmware171ccc98030_firmwaretsxp576634m_firmwaremodicon_m340_bmxnoc0401tsxety110wstsxp574823mc_firmware171ccc96030tsxety5103c_firmwarestbnic2212171ccc96020c_firmwaretsxetz510_firmwaremodicon_m340_bmxp342030_firmwaremodicon_m340_bmxnoe0110tsxp572634m_firmwaremodicon_m580_bmxnoc0402tsxetc0101_firmwaremodicon_m340_bmxp3420302_firmwaremodicon_m340_bmxnoe0110htsxetc100tsxp574823am_firmwarestbnip2212tsxetz510tsxntp100tsxp576634mtsxety4103c_firmwaretsxp571634m171ccc96030_firmwaretsxp574823mctsxetz410_firmwaretsxety110wsc_firmwaretsxety4103171ccc96030ctsxp574823ammodicon_m340_bmxnoe0100_firmware171ccc96030c_firmwaretsxp574823m_firmwaretsxntp100_firmwaremodicon_m340_bmxnoc0401_firmware171ccc98020_firmwaretsxwmy100_firmwaremodicon_m340_bmxp3420302h_firmwaretsxety5103modicon_m340_bmxnor0200h_firmwaremodicon_m340_bmxp342020h_firmware171ccc98020modicon_m580_bmxnoc0402_firmwarestbnic2212_firmwaremodicon_m340_bmxp342020tsxp574634mtsxetc100_firmwaretsxp574823mtsxp573634mtsxwmy100modicon_m340_bmxp342030h_firmwaretsxwmy100cmodicon_m340_bmxp342020_firmwaremodicon_m340_bmxnoe0110_firmwaremodicon_m340_bmxnoe0100modicon_m340_bmxp3420302htsxety110ws_firmwaretsxp574634m_firmwaretsxetc0101tsxp575634m_firmwaremodicon_m340_bmxp342020htsxp573634m_firmwaremodicon_m340_bmxp342030171ccc98030Ethernet modules for M340, Quantum and Premium PLC ranges
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found