Vulnerabilidades en Schneider ELectric
302 resultadosCVE-2023-27980HIGHA CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation EPSS 0.9%CVE-2023-25555MEDIUM
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS
Command Injection') vulnerability exists thaEPSS 0.9%CVE-2025-54926HIGHCWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code exeEPSS 0.8%CVE-2022-24323MEDIUMA CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between EPSS 0.8%CVE-2023-27976HIGH
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause
remote code execution when a valid user visits a maliEPSS 0.8%CVE-2023-5391CRITICAL
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to
execute arbitrary code on the targeted EPSS 0.8%CVE-2024-37039MEDIUMCWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the
device when an attacker sends a specially craEPSS 0.8%CVE-2022-22731MEDIUMA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allowEPSS 0.8%CVE-2022-32514CRITICALA CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web pEPSS 0.8%CVE-2024-9409HIGHCWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become
unresponsive resulting in communicaEPSS 0.8%CVE-2022-0223MEDIUMA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker tEPSS 0.8%CVE-2021-22716HIGHA CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unpriviEPSS 0.8%CVE-2022-34761HIGHA CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content typEPSS 0.8%CVE-2024-2051CRITICAL
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that
could cause account takeover and unauthorized EPSS 0.8%CVE-2014-2380—Schneider Electric Wonderware Inadequate Encryption StrengthEPSS 0.8%CVE-2023-37199MEDIUM
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
could cause remote code execution when an admEPSS 0.8%CVE-2023-37198MEDIUM
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that
could cause remote code execution when anEPSS 0.8%CVE-2022-30236HIGHA CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses crossEPSS 0.7%CVE-2023-27981HIGHA CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code EPSS 0.7%CVE-2022-42970CRITICALA CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a pEPSS 0.7%