Schneider-Electric Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Schneider-Electric products.

55 known CVE vulnerabilities tracked

Critical: 12
High: 29
Medium: 14
Low: 0
None: 0

All Schneider-Electric CVEs

CVE-2022-0715
9.1 critical

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040

Smt Series 1015 Ups Firmware Mar 9, 2022
CVE-2021-22788
7.5 high

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXN

Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2021-22787
7.5 high

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communic

Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2021-22785
7.5 high

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends an HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X8

Modicon M340 Bmxp342020 Firmware Feb 11, 2022
CVE-2020-7534
8.8 high

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with

Modicon M340 Bmxp342020 Firmware Feb 4, 2022
CVE-2021-22792
7.5 high

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (p

Modicon M340 Bmxp341000 Sep 2, 2021
CVE-2021-22791
6.5 medium

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part n

Modicon M340 Bmxp341000 Sep 2, 2021
CVE-2021-22790
6.5 medium

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part nu

Modicon M340 Bmxp341000 Sep 2, 2021
CVE-2021-22789
6.5 medium

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP

Modicon M340 Bmxp341000 Sep 2, 2021
CVE-2021-22779
9.1 critical

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack Re

Ecostruxure Control Expert Jul 14, 2021
CVE-2021-22768
9.8 critical

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-22767

Powerlogic Egx100 Firmware Jun 11, 2021
CVE-2021-22767
9.8 critical

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is unique from CVE-2021-2276

Powerlogic Egx100 Firmware Jun 11, 2021
CVE-2021-22766
7.5 high

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet

Powerlogic Egx100 Firmware Jun 11, 2021
CVE-2021-22765
9.8 critical

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet

Powerlogic Egx100 Firmware Jun 11, 2021
CVE-2021-22764
5.3 medium

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially

Powerlogic Pm5560 Firmware Jun 11, 2021
CVE-2021-22763
9.8 critical

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could allow an attacker administrator-level access to a device.

Powerlogic Pm5560 Firmware Jun 11, 2021
CVE-2021-22713
7.5 high

A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notification for affected versions), which could cause the meter to reboot.

Powerlogic Ion8650 Firmware Mar 11, 2021
CVE-2021-22703
7.5 high

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP

Powerlogic Ion7400 Firmware Feb 19, 2021
CVE-2021-22702
7.5 high

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor i

Powerlogic Ion7400 Firmware Feb 19, 2021
CVE-2021-22701
4.5 medium

A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interf

Powerlogic Ion7400 Firmware Feb 19, 2021
CVE-2020-7549
5.3 medium

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP se

Modicon M340 Bmxp341000 Firmware Dec 11, 2020
CVE-2020-28220
6.8 medium

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the w

Modicon M258 Firmware Dec 11, 2020
CVE-2020-28214
5.5 medium

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictabl

Modicon M221 Firmware Dec 11, 2020
CVE-2020-7568
4.3 medium

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non-sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 con

Modicon M221 Firmware Nov 19, 2020