Vulnerabilidades em Schneider Electric
302 resultadosCVE-2026-6866HIGHInitialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel ServerEPSS 0.3%CVE-2022-34754MEDIUMA CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected PrEPSS 0.3%CVE-2024-8401MEDIUMCWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
vulnerability exists when an authenticated attaEPSS 0.3%CVE-2023-5630MEDIUM
A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a
privileged user to install an untrusted firmwEPSS 0.3%CVE-2024-2602HIGHCWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal') vulnerability exists that could result in remote codeEPSS 0.3%CVE-2024-8933HIGHCWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
vulnerability exists that could cause retrEPSS 0.3%CVE-2024-12476HIGHCWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could
cause information disclosure, impacts workstaEPSS 0.3%CVE-2022-34757MEDIUMA CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connectionEPSS 0.3%CVE-2026-2402MEDIUMCWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the usEPSS 0.3%CVE-2026-4832MEDIUMCWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauEPSS 0.3%CVE-2025-6788MEDIUMA CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources
to the wrong control sphere, providEPSS 0.3%CVE-2022-22732LOWA CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) suppEPSS 0.3%CVE-2022-32512MEDIUMA CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code executiEPSS 0.3%CVE-2024-6528MEDIUMCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists that could cause a vulneraEPSS 0.3%CVE-2025-0813HIGHCWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass when an
unauthorized user without permissionEPSS 0.3%CVE-2026-9716HIGHCWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuEPSS 0.3%CVE-2022-34763MEDIUMA CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due EPSS 0.3%CVE-2025-2222HIGHCWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak
information and potential priviEPSS 0.3%CVE-2022-41671HIGHA CWE-89: Improper Neutralization of Special Elements used in SQL Command (‘SQL Injection’) vulnerability exists that allows adversaries witEPSS 0.3%CVE-2026-9650HIGHCWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when uEPSS 0.2%