cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0815,https://securityvulnerability.io/vulnerability/CVE-2025-0815,Improper Input Validation in Schneider Electric Devices,"A vulnerability exists in Schneider Electric devices due to improper input validation, which may lead to a Denial-of-Service condition when malicious ICMPV6 packets are transmitted to the device. This flaw could disrupt the normal functioning of the affected products, making them susceptible to targeted attacks that exploit this weakness.",Schneider Electric,"Enerlin’x Ife Interface (lv434001),Enerlin’x Eife (lv851001)",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T06:39:22.828Z,0
CVE-2025-0816,https://securityvulnerability.io/vulnerability/CVE-2025-0816,Improper Input Validation in Schneider Electric Device,"An improper input validation vulnerability has been identified in Schneider Electric network devices. This flaw could be exploited by sending malicious IPV6 packets to the device, potentially resulting in a Denial-of-Service condition. Organizations using these devices should take preemptive measures to mitigate the risk associated with this vulnerability.",Schneider Electric,"Enerlin’x Ife Interface (lv434001),Enerlin’x Eife (lv851001)",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T06:38:12.426Z,0
CVE-2025-0327,https://securityvulnerability.io/vulnerability/CVE-2025-0327,Improper Privilege Management Vulnerability in Schneider Electric Services,"An improper privilege management vulnerability has been identified in Schneider Electric services, specifically in the services that manage audit trail data and client requests. This flaw allows an attacker with standard user privileges to modify the executable path of these Windows services. Exploiting this vulnerability requires a service restart, which can lead to significant risks involving the confidentiality, integrity, and availability of the engineering workstation involved.",Schneider Electric,"Ecostruxure Process Expert,Ecostruxure Process Expert For Aveva System Platform",8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T06:20:26.852Z,0
CVE-2025-1070,https://securityvulnerability.io/vulnerability/CVE-2025-1070,Unrestricted File Upload Vulnerability in Schneider Electric Products,"An unrestricted file upload vulnerability exists in certain Schneider Electric products, which can be exploited by an attacker to upload malicious files. This flaw may lead to severe consequences, including the potential inoperability of affected devices. To mitigate these risks, it is crucial for users to implement security measures that restrict file types and thoroughly monitor file uploads in their systems.",Schneider Electric,"Asco 5310 Single-channel Remote Annunciator,Asco 5350 Eight Channel Remote Annunciator",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T05:55:55.497Z,0
CVE-2025-1060,https://securityvulnerability.io/vulnerability/CVE-2025-1060,Cleartext Transmission Vulnerability in Schneider Electric Products,"This vulnerability involves inadequate encryption measures during data transmission, leading to potential interception of sensitive information by unauthorized parties. When network traffic is unencrypted, attackers can easily capture and exploit this data, posing a significant risk to the privacy and security of users relying on Schneider Electric products for their operations. It is crucial for users to implement secure communication protocols to mitigate this risk.",Schneider Electric,"Asco 5310 Single-channel Remote Annunciator,Asco 5350 Eight Channel Remote Annunciator",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T05:53:14.338Z,0
CVE-2025-1059,https://securityvulnerability.io/vulnerability/CVE-2025-1059,Resource Allocation Vulnerability in Schneider Electric Webserver,"A resource allocation vulnerability exists in Schneider Electric Webserver that allows for the potential disruption of communications. This issue arises when malicious packets are sent, which can overwhelm the server and cause it to become unresponsive. Implementing proper resource limits and throttling mechanisms is essential to mitigate this risk and ensure continued device functionality.",Schneider Electric,"Asco 5310 Single-channel Remote Annunciator,Asco 5350 Eight Channel Remote Annunciator",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T05:49:51.234Z,0
CVE-2025-1058,https://securityvulnerability.io/vulnerability/CVE-2025-1058,Code Integrity Issue in Schneider Electric's Firmware,"A significant vulnerability exists in Schneider Electric's firmware that allows the download of malicious firmware without integrity checks. This flaw could potentially render affected devices inoperable, exposing them to risks if exploited by cybercriminals.",Schneider Electric,"Asco 5310 Single-channel Remote Annunciator,Asco 5350 Eight Channel Remote Annunciator",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T05:45:05.513Z,0
CVE-2024-10497,https://securityvulnerability.io/vulnerability/CVE-2024-10497,Authorization Bypass Vulnerability in Schneider Electric Products,"A vulnerability exists in certain Schneider Electric devices that allows an attacker with authorized access to exploit an authorization bypass due to a user-controlled key. This flaw enables the alteration of values outside the defined user privileges by sending crafted HTTPS requests to the device, which could potentially lead to unauthorized actions or increased access rights.",Schneider Electric,Powerlogic Hdpm6000,8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T10:27:52.954Z,0
CVE-2024-12703,https://securityvulnerability.io/vulnerability/CVE-2024-12703,Deserialization Vulnerability in Schneider Electric Products,"A deserialization vulnerability exists in Schneider Electric products that could allow an authenticated non-admin user to inadvertently execute malicious code. This occurs when the user opens a compromised project file, potentially resulting in exposure to confidential data and integrity risks. Attackers can exploit this vulnerability to manipulate the execution flow, leading to unauthorized access and control over the affected workstation systems.",Schneider Electric,Remoteconnect And Scadapack X70 Utilities,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T10:23:52.108Z,0
CVE-2024-12142,https://securityvulnerability.io/vulnerability/CVE-2024-12142,Sensitive Information Exposure in Schneider Electric Web Products,"A vulnerability exists within Schneider Electric’s web products that allows unauthorized users to access sensitive information. This exposure could lead to information disclosure of restricted web pages, and potentially allow modifications to such pages. In certain scenarios, the vulnerability may also result in denial of service if restricted functions are improperly invoked. It is crucial for organizations using Schneider Electric's web products to assess their security measures and address any potential risks associated with this vulnerability.",Schneider Electric,"Modicon M340 Processors (part Numbers Bmxp34*),Bmxnoe0100,Bmxnoe0110,Bmxnor0200h",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T10:19:11.768Z,0
CVE-2024-12476,https://securityvulnerability.io/vulnerability/CVE-2024-12476,Improper XML External Entity Handling in Schneider Electric's Web Designer Tool,"A vulnerability related to improper handling of XML external entities exists within Schneider Electric's Web Designer configuration tool. This issue arises when a specially crafted XML file is imported, potentially leading to information disclosure. The flaw could compromise workstation integrity and may allow an attacker to execute remote code on affected systems, highlighting the significance of secure XML parsing practices.",Schneider Electric,"Web Designer For Bmxnor0200h,Web Designer For Bmxnoe0110(h),Web Designer For Bmenoc0311(c),Web Designer For Bmenoc0321(c)",8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T09:42:47.616Z,0
CVE-2024-11425,https://securityvulnerability.io/vulnerability/CVE-2024-11425,Incorrect Buffer Size Calculation in Schneider Electric's Webserver Product,"A vulnerability exists in Schneider Electric's webserver that allows an unauthenticated user to send a specially crafted HTTPS packet, which can lead to a Denial-of-Service condition. This issue highlights improper buffer size calculations, enabling attackers to exploit the webserver, potentially rendering it inoperable. It is crucial for users to evaluate their systems and apply appropriate mitigations to safeguard against such vulnerabilities.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, Excluding M580 Cpu Safety),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Bmenor2200h,Evlink Pro Ac",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T09:00:32.335Z,0
CVE-2024-11999,https://securityvulnerability.io/vulnerability/CVE-2024-11999,Third-Party Component Vulnerability in Schneider Electric HMI Products,"CVE-2024-11999 is a critical vulnerability categorized as CWE-1104, related to the use of unmaintained third-party components in Schneider Electric's HMI products. This issue allows authenticated users to execute malicious code, potentially granting them complete control over the device. If successfully exploited, attackers could manipulate device functions, leading to unauthorized access and severe operational risks. Organizations using affected versions must take preventive action to secure their HMI systems against this risk. Comprehensive patching and adopting stringent security measures are essential to mitigate potential outcomes.",Schneider Electric,"Harmony (formerly Magelis) Hmist6, Hmistm6, Hmig3u, Hmig3x, Hmisto7 Series With Ecostruxure Operator Terminal Expert Runtime,Pfxst6000, Pfxstm6000, Pfxsp5000, Pfxgp4100 Series With Pro-face Blue Runtime",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T06:13:00.636Z,0
CVE-2024-11737,https://securityvulnerability.io/vulnerability/CVE-2024-11737,Unauthorized Modbus Packet Could Lead to Denial of Service and Loss of Confidentiality and Integrity,"An improper input validation vulnerability affects Schneider Electric's Modicon Series Controllers, enabling the potential for denial of service and jeopardizing the confidentiality and integrity of the controller when an unauthenticated, crafted Modbus packet is received. This security flaw highlights the necessity for robust input validation measures to safeguard against unauthorized manipulation and ensure device reliability in industrial environments.",Schneider Electric,"Modicon Controllers M241 / M251,Modicon Controllers M258 / Lmc058",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-11T09:36:29.282Z,0
CVE-2024-10575,https://securityvulnerability.io/vulnerability/CVE-2024-10575,Unauthorized Access Vulnerability in Network Devices,"A vulnerability exists that allows unauthorized access due to missing authorization mechanisms within Schneider Electric network infrastructure products. When this vulnerability is exploited, it can lead to unauthorized interaction with affected devices, compromising the security of networks and potentially endangering connected systems. Effective security practices must be adopted to mitigate this risk and protect sensitive data.",Schneider Electric,Ecostruxure It Gateway,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-13T04:35:44.556Z,0
CVE-2024-8070,https://securityvulnerability.io/vulnerability/CVE-2024-8070,Firmware Binary Leaks Test Credentials,"A vulnerability exists within Schneider Electric's firmware due to the cleartext storage of sensitive information. This issue particularly affects the handling of test credentials, which can be exposed within the firmware binary. Adversaries exploiting this vulnerability may gain unauthorized access to these credentials, leading to potential security breaches and unauthorized control over affected devices. Addressing this security flaw is essential to enhance the overall security posture of Schneider Electric's products and mitigate the associated risks.",Schneider Electric,"Evlink Home Smart,Schneider Charge",8.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-13T19:50:34.117Z,0
CVE-2024-8531,https://securityvulnerability.io/vulnerability/CVE-2024-8531,Manipulation of Upgrade Bundles Could Compromise Root Access,"A vulnerability exists within Schneider Electric's Data Center Expert software that pertains to improper verification of cryptographic signatures. This issue arises when upgrade bundles are manipulated to contain arbitrary bash scripts, which can then be executed with root privileges. Such a flaw raises significant security concerns, as it potentially allows unauthorized code execution, leading to system compromise and data integrity issues. Organizations utilizing this software should assess their security posture and implement necessary measures to mitigate risks associated with this vulnerability.",Schneider Electric,Data Center Expert,7.2,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-10-11T13:50:31.474Z,0
CVE-2024-9002,https://securityvulnerability.io/vulnerability/CVE-2024-9002,Unauthorized Access Risk Due to Privilege Escalation Tampering,"A vulnerability characterized by improper privilege management has been identified in Schneider Electric's workstation software. This flaw may allow non-admin authenticated users to escalate privileges through binary tampering, potentially leading to unauthorized access and compromising the confidentiality, integrity, and availability of sensitive data. Remediation is critical to mitigate risks associated with this vulnerability in the affected versions.",Schneider Electric,Easergy Studio,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-11T13:43:25.391Z,0
CVE-2024-8884,https://securityvulnerability.io/vulnerability/CVE-2024-8884,Exposure of Sensitive Information to an Unauthorized Actor,A vulnerability identified as CWE-200 allows for the exposure of sensitive credentials to unauthorized actors when they gain access to the Schneider Electric application over an unsecured HTTP connection. This could lead to unauthorized access and exploitation of sensitive user data. It is essential for users and system administrators to address this vulnerability to safeguard their applications against potential security threats.,Schneider Electric,"System Monitor Application In Harmony Industrial Pc HmIBMo/hmIBMi/hmipso/hmIBMp/hmIBMu/hmipsp/hmipep Series,System Monitor Application In Pro-face Industrial Pc Ps5000 Series",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-08T10:32:24.555Z,0
CVE-2024-9005,https://securityvulnerability.io/vulnerability/CVE-2024-9005,Remote Code Execution Vulnerability,"A vulnerability exists in Schneider Electric's web server products that allows an attacker to remotely execute code on the server. This issue arises when unsafely deserialized data is posted to the server, creating a pathway for exploitation. An attacker could craft a malicious payload to take advantage of this flaw, leading to potential unauthorized access and control over the affected system. It is crucial for users of these products to assess their security posture and implement appropriate mitigations to safeguard against such threats.",Schneider Electric,Ecostruxure Power Monitoring Expert (pme),7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-08T10:22:06.939Z,0
CVE-2024-8422,https://securityvulnerability.io/vulnerability/CVE-2024-8422,"Malicious File Could Lead to Code Execution, DoS, and Loss of Confidentiality & Integrity","A Use After Free vulnerability exists in Schneider Electric's Zelio Soft 2 software. When a user opens a malicious Zelio Soft 2 project file, it may result in arbitrary code execution, denial of service, and potential loss of confidentiality and integrity. This vulnerability poses significant risks to users who may unknowingly open compromised files, highlighting the critical need for security measures and timely updates.",Schneider Electric,Zelio Soft 2,7.8,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2024-10-08T10:09:34.543Z,0
CVE-2024-35293,https://securityvulnerability.io/vulnerability/CVE-2024-35293,Reboot or ERASE Devices at Risk of Data Loss and DoS,"A vulnerability in Schneider Electric devices allows unauthenticated remote attackers to exploit missing authentication in critical functions. This security gap can enable attackers to reboot or erase devices, leading to significant data loss and resulting in denial of service. Organizations using these devices face potential operational disruptions and security breaches. Implementing stringent security measures and monitoring device access is essential to mitigate the risks associated with this vulnerability.",Schneider Electric,Series 700,9.1,CRITICAL,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-02T09:51:01.799Z,0
CVE-2024-8306,https://securityvulnerability.io/vulnerability/CVE-2024-8306,Unauthorized Access to Workstation via Tampering with Binaries,"An improper privilege management vulnerability has been identified in Schneider Electric's workstation software. This flaw allows non-admin authenticated users to escalate privileges by tampering with binaries. If exploited, this vulnerability may result in unauthorized access, potentially compromising the confidentiality, integrity, and availability of the workstation. Businesses using affected versions of Schneider Electric’s software should be aware of these risks and take recommended security measures to mitigate potential threats.",Schneider Electric,"Vijeo Designer,Vijeo Designer Embedded In Ecostruxure™ Machine Expert",7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-11T15:05:31.560Z,0
CVE-2024-6918,https://securityvulnerability.io/vulnerability/CVE-2024-6918,Classic Buffer Overflow Vulnerability Could Cause Crash of Accutech Manager,"A buffer overflow vulnerability exists within the Accutech Manager software that may lead to application crashes. This vulnerability occurs when the software processes specially crafted requests sent over TCP port 2536. By not adequately checking the size of the input data, the software may overwrite memory buffers, potentially destabilizing the application. Users and administrators of Accutech Manager should be aware of this vulnerability's implications and ensure they take appropriate actions to mitigate the risks associated with untrusted or malicious input.",Schneider Electric,Accutech Manager,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-20T12:11:23.899Z,0
CVE-2024-2602,https://securityvulnerability.io/vulnerability/CVE-2024-2602,Malicious File Tampering Risk,"A vulnerability related to improper restriction of a pathname allows for path traversal attacks in Schneider Electric software. This flaw potentially enables remote code execution if an authenticated user interacts with a project file that has been maliciously altered. Attackers can exploit this vulnerability, leading to significant security risks for affected users who may inadvertently execute compromised project files.",Schneider Electric,Foxrtu Station,7.8,HIGH,0.0005499999970197678,false,,false,false,false,,,false,false,,2024-07-11T08:46:13.920Z,0