Vulnerabilities in Schneider Electric
302 resultsCVE-2025-1058HIGHCWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device
inoperable when malicious firmware is doEPSS 0.2%CVE-2025-5742MEDIUMCWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
vulnerability exists when an authenticated userEPSS 0.2%CVE-2022-41667HIGHA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with lEPSS 0.2%CVE-2024-8422HIGHCWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial
of service and loss of confidentiality & inteEPSS 0.2%CVE-2024-8306HIGHCWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized
access, loss of confidentiality, integrity and avaEPSS 0.2%CVE-2025-2442MEDIUMCWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could potentially lead to
unauthorized access whicEPSS 0.2%CVE-2026-2399MEDIUMCWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files oEPSS 0.2%CVE-2025-5296HIGHCWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause
arbitrary data to be written tEPSS 0.2%CVE-2022-41668HIGHA CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from EPSS 0.2%CVE-2025-50122HIGHA CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the
password generation algorithm is reveEPSS 0.2%CVE-2023-37200MEDIUM
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could cause loss of confidentiality when replaciEPSS 0.2%CVE-2023-2569HIGH
A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service,
elevation of privilege, and potentially kerneEPSS 0.2%CVE-2022-37302MEDIUMA CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the ContEPSS 0.2%CVE-2022-34755MEDIUM
A CWE-427 - Uncontrolled Search Path Element vulnerability exists that could allow an attacker
with a local privileged account to place a sEPSS 0.2%CVE-2025-3117MEDIUMCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
exists impacting configuration fiEPSS 0.2%CVE-2022-41670HIGHA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component thEPSS 0.2%CVE-2025-11739HIGHCWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges wheEPSS 0.2%CVE-2026-2404MEDIUMCWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters tEPSS 0.2%CVE-2025-2441MEDIUMCWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of
confidentiality when a malicEPSS 0.2%CVE-2025-50124HIGHA
CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the
server is accessed by a prEPSS 0.2%