cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2052,https://securityvulnerability.io/vulnerability/CVE-2024-2052,UnAuthenticated File and Log Exfiltration,"A vulnerability exists within Schneider Electric's software that allows for unauthorized access to files and directories. This misconfiguration may result in unauthenticated users being able to exfiltrate sensitive files and logs by simply altering the URL to direct downloadable content to unintended locations. Such exposure could lead to significant security risks, especially in environments where sensitive data is processed or stored.",Schneider Electric,"Easergy T200 (modbus) Models: T200i, T200e, T200p, T200s, T200h,Easergy T200 (iec104) Models: T200i, T200e, T200p, T200s, T200h,Easergy T200 (dnp3) Models: T200i, T200e, T200p, T200s, T200h",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-18T16:05:47.722Z,0
CVE-2024-2050,https://securityvulnerability.io/vulnerability/CVE-2024-2050,Arbitrary Malicious JavaScript Code Injection Vulnerability,"A Cross-site Scripting (XSS) vulnerability arises in certain Schneider Electric products due to improper neutralization of user-supplied input during web page generation. This flaw permits attackers to inject malicious JavaScript code into web applications. Upon execution, this code can lead to unauthorized actions, data exfiltration, and compromise of user sessions, making it crucial for users to apply necessary security patches and follow best practices for mitigating XSS risks.",Schneider Electric,"Easergy T200 (modbus) Models: T200i, T200e, T200p, T200s, T200h,Easergy T200 (iec104) Models: T200i, T200e, T200p, T200s, T200h,Easergy T200 (dnp3) Models: T200i, T200e, T200p, T200s, T200h",8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-18T16:04:57.375Z,0
CVE-2024-2051,https://securityvulnerability.io/vulnerability/CVE-2024-2051,Account Takeover and Unauthorized Access Vulnerability,"A vulnerability exists within Schneider Electric's product due to improper restriction of excessive authentication attempts, categorized by CWE-307. Attackers are able to exploit this weakness through brute-force attacks on the login interface, which could lead to unauthorized account access and potential compromise of sensitive information. It is crucial for users of the affected products to implement additional security measures to mitigate the risks associated with this vulnerability.",Schneider Electric,"Easergy T200 (modbus) Models: T200i, T200e, T200p, T200s, T200h,Easergy T200 (iec104) Models: T200i, T200e, T200p, T200s, T200h,Easergy T200 (dnp3) Models: T200i, T200e, T200p, T200s, T200h",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-18T16:03:44.987Z,0