cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-5985,https://securityvulnerability.io/vulnerability/CVE-2023-5985,Improper Input Neutralization in Schneider Electric's Web System,"A vulnerability categorized as CWE-79 arises from improper neutralization of user input during the generation of web pages in Schneider Electric's products. This flaw can be exploited by an attacker who holds admin privileges, leading to potential browser compromise for users due to the manipulation of system values. This situation emphasizes the importance of proper input handling and validation mechanisms in web applications to safeguard user sessions and data integrity.",Schneider Electric,"Ion8650,Ion8800",4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-11-15T04:15:00.000Z,0
CVE-2023-5984,https://securityvulnerability.io/vulnerability/CVE-2023-5984,Download of Code Without Integrity Check Vulnerability in Schneider Electric Products,"A vulnerability exists in Schneider Electric's firmware update process, which allows for the possibility of modified firmware being uploaded due to a lack of integrity checks. This flaw could be exploited during an authorized admin's firmware update procedure, potentially leading to unauthorized modifications and security risks. Users of Schneider Electric products should ensure they follow best practices for firmware updates to mitigate potential threats.",Schneider Electric,"ION8650,ION8800 ",4.9,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-11-15T04:15:00.000Z,0
CVE-2022-46680,https://securityvulnerability.io/vulnerability/CVE-2022-46680,Cleartext Transmission Vulnerability in Schneider Electric Products,"A vulnerability exists in Schneider Electric Network Products that allows sensitive information to be transmitted in cleartext. This issue potentially enables an attacker to intercept network traffic, leading to the exposure of confidential data, unauthorized modification of data, or even denial of service conditions. Organizations using affected products should take immediate steps to secure their network communications to mitigate these risks.",Schneider Electric,"Powerlogic Ion9000,Powerlogic Ion7400,Powerlogic Pm8000,Powerlogic Ion8650,Powerlogic Ion8800,Legacy Ion Products",8.8,HIGH,0.0013299999991431832,false,,false,false,false,,,false,false,,2023-05-22T13:25:40.615Z,0
CVE-2021-22713,https://securityvulnerability.io/vulnerability/CVE-2021-22713,Improper Restriction of Operations in PowerLogic Meters by Schneider Electric,"A vulnerability has been identified in Schneider Electric's PowerLogic meters, where improper restrictions on memory buffer operations can lead to unintended behavior, including potential system reboots. This issue arises from inadequate checks on memory boundaries, which could be exploited to disrupt normal meter operations. Users of affected models should take necessary precautions as detailed in the security notification.",Schneider Electric,"Powerlogic Ion8650, Ion8800, Ion7650, Ion7700/73xx, And Ion83xx/84xx/85xx/8600 (see Security Notifcation For Affected Versions)",7.5,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2021-03-11T20:15:27.000Z,0
CVE-2021-22701,https://securityvulnerability.io/vulnerability/CVE-2021-22701,Cross-Site Request Forgery in PowerLogic Devices from Schneider Electric,"A Cross-Site Request Forgery (CSRF) vulnerability exists in Schneider Electric's PowerLogic devices, including ION7400, ION7650, and several ION series models. This flaw allows an attacker to trick a user into executing unintended actions through the device's HTTP web interface, potentially compromising device integrity and operations. Users accessing the affected PowerLogic models without proper safeguards may unknowingly execute harmful commands.",Schneider Electric,"Powerlogic Ion7400, Ion7650, Ion83xx/84xx/85xx/8600, Ion8650, Ion8800, Ion9000 And Pm800 (see Notification For Affected Versions)",4.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-02-19T15:15:16.000Z,0
CVE-2021-22703,https://securityvulnerability.io/vulnerability/CVE-2021-22703,Cleartext Transmission Vulnerability in PowerLogic Devices by Schneider Electric,"A vulnerability in Schneider Electric's PowerLogic ION series exposes sensitive user credentials during HTTP communication. Malicious actors can exploit this flaw by intercepting network traffic, potentially allowing unauthorized access to critical system information. Organizations using affected models should prioritize mitigating this risk to protect sensitive data from interception.",Schneider Electric,"Powerlogic Ion7400, Ion7650, Ion83xx/84xx/85xx/8600, Ion8650, Ion8800, Ion9000 And Pm800 (see Notification For Affected Versions)",7.5,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2021-02-19T15:14:25.000Z,0
CVE-2021-22702,https://securityvulnerability.io/vulnerability/CVE-2021-22702,Cleartext Transmission Vulnerability in PowerLogic Devices by Schneider Electric,"A vulnerability in Schneider Electric's PowerLogic devices permits the transmission of sensitive information, including user credentials, in cleartext over Telnet. This issue allows attackers to intercept network traffic between users and the device, posing significant risks of unauthorized access and exposure of sensitive data. Promptly addressing this vulnerability is essential to prevent potential breaches and ensure secure communications in industrial environments.",Schneider Electric,"Powerlogic Ion7400, Ion7650, Ion7700/73xx, Ion83xx/84xx/85xx/8600, Ion8650, Ion8800, Ion9000 And Pm800 (see Notification For Affected Versions)",7.5,HIGH,0.0011500000255182385,false,,false,false,false,,,false,false,,2021-02-19T15:13:31.000Z,0