cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-2988,https://securityvulnerability.io/vulnerability/CVE-2022-2988,Out-of-bounds Write Vulnerability in EcoStruxure Machine Expert and SoMachine HVAC by Schneider Electric,"An out-of-bounds write vulnerability can be exploited when users access a malicious webpage through the commissioning software. This may lead to the leakage of sensitive information, posing a significant risk to the security of the system. Affected versions include SoMachine HVAC prior to V2.1.0 and EcoStruxure Machine Expert – HVAC prior to V1.4.0. It is crucial for users to update their software to mitigate these risks.",Schneider Electric,"Somachine Hvac,Ecostruxure Machine Expert – Hvac",4.3,MEDIUM,0.0014100000262260437,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2020-7488,https://securityvulnerability.io/vulnerability/CVE-2020-7488,Cleartext Transmission Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability in Modicon Controllers manufactured by Schneider Electric allows for the transmission of sensitive information in cleartext. This could potentially lead to unauthorized disclosure of critical data exchanged between the software and the controllers. Affected devices include the Modicon M218, M241, M251, and M258. Mitigating this risk involves using secure communication protocols to ensure the protection of sensitive information.",Schneider Electric,"Ecostruxure Machine Expert (all Versions)somachine, Somachine Motion (all Versions)modicon M218 Logic Controller (all Versions)modicon M241 Logic Controller (all Versions)modicon M251 Logic Controller (all Versions)modicon M258 Logic Controller (all Versions)",7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-04-22T18:51:26.000Z,0
CVE-2020-7487,https://securityvulnerability.io/vulnerability/CVE-2020-7487,Insufficient Verification of Data Authenticity in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon M218, M241, M251, and M258 controllers due to insufficient verification of data authenticity. This flaw could potentially enable an attacker to execute malicious code on these devices, posing significant security risks in industrial control environments. Users are advised to apply appropriate security measures to mitigate potential threats.",Schneider Electric,"Ecostruxure Machine Expert (all Versions)somachine, Somachine Motion (all Versions)modicon M218 Logic Controller (all Versions)modicon M241 Logic Controller (all Versions)modicon M251 Logic Controller (all Versions)modicon M258 Logic Controller (all Versions)",9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2020-04-22T18:50:25.000Z,0
CVE-2020-7489,https://securityvulnerability.io/vulnerability/CVE-2020-7489,Injection Vulnerability in EcoStruxure Machine Expert and SoMachine Basic Software by Schneider Electric,"A vulnerability exists in EcoStruxure Machine Expert and SoMachine Basic programming software due to improper handling of special output elements. This flaw could allow an attacker to perform DLL substitution, enabling the transfer of malicious code to the controller. This risk emphasizes the importance of ensuring safe coding practices and robust security measures within software implementations.",Schneider Electric,Somachine Basic (all Versions)ecostruxure Machine Expert – Basic (all Versions)modicon M100 Logic Controller (all Versions)modicon M200 Logic Controller (all Versions)modicon M221 Logic Controller (all Versions),9.8,CRITICAL,0.0025500000920146704,false,,false,false,false,,,false,false,,2020-04-22T18:15:57.000Z,0
CVE-2019-6826,https://securityvulnerability.io/vulnerability/CVE-2019-6826,Untrusted Search Path Vulnerability in SoMachine HVAC by Schneider Electric,"An untrusted search path vulnerability exists in SoMachine HVAC, allowing attackers to exploit the loading of malicious DLL libraries. This could lead to arbitrary code execution on the system running the affected software, potentially compromising the integrity and security of the entire environment. Users are urged to update to newer versions to mitigate this risk.",Schneider Electric,Somachine Hvac,7.8,HIGH,0.0007200000109151006,false,,false,false,false,,,false,false,,2019-09-17T19:57:55.000Z,0
CVE-2018-7823,https://securityvulnerability.io/vulnerability/CVE-2018-7823,Remote Launch Vulnerability in SoMachine Basic and Modicon M221 by Schneider Electric,"An Environment vulnerability identified in SoMachine Basic allows attackers to remotely launch the application by sending specially crafted Ethernet messages. This affects all versions of SoMachine Basic, as well as Modicon M221 devices with firmware versions prior to V1.10.0.0, potentially exposing critical systems to exploitation.",Schneider Electric,"Somachine Basic And Modicon M221, Somachine Basic, All Versions Modicon M221, All References, All Versions Prior To Firmware V1.10.0.0",5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2019-05-22T19:37:45.000Z,0
CVE-2018-7822,https://securityvulnerability.io/vulnerability/CVE-2018-7822,Incorrect Default Permissions Vulnerability in SoMachine Basic by Schneider Electric,"An incorrect default permissions vulnerability exists in SoMachine Basic and Modicon M221, allowing unauthorized access to sensitive resource files on systems utilizing SoMachine Basic. This issue may expose crucial configuration and operational data, creating potential security risks for users who do not update their systems or apply the appropriate security measures.",Schneider Electric,"Somachine Basic And Modicon M221, Somachine Basic, All Versions Modicon M221, All References, All Versions Prior To Firmware V1.10.0.0",5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2019-05-22T19:37:16.000Z,0
CVE-2018-7821,https://securityvulnerability.io/vulnerability/CVE-2018-7821,Environment Vulnerability in SoMachine Basic and Modicon M221 by Schneider Electric,"An environment vulnerability exists in SoMachine Basic and Modicon M221, which can lead to significant cycle time degradation. When the Ethernet/IP adapter is activated, excessive flooding of the M221's Ethernet interface can disrupt normal operations, potentially impacting system performance and efficiency. Users should ensure firmware is updated to version V1.10.0.0 or higher to mitigate this issue.",Schneider Electric,"Somachine Basic And Modicon M221, Somachine Basic, All Versions Modicon M221, All References, All Versions Prior To Firmware V1.10.0.0",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2019-05-22T19:36:47.000Z,0
CVE-2018-7783,https://securityvulnerability.io/vulnerability/CVE-2018-7783,,Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file.,Schneider Electric,Somachine Basic,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2018-07-03T14:29:00.000Z,0
CVE-2017-7965,https://securityvulnerability.io/vulnerability/CVE-2017-7965,,"A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.",Schneider Electric,Somachine Hvac Programming Software,7.3,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2017-06-07T19:00:00.000Z,0
CVE-2017-7966,https://securityvulnerability.io/vulnerability/CVE-2017-7966,,A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.,Schneider Electric,Somachine Hvac Programming Software,8.8,HIGH,0.006909999996423721,false,,false,false,false,,,false,false,,2017-06-07T19:00:00.000Z,0
CVE-2016-4529,https://securityvulnerability.io/vulnerability/CVE-2016-4529,,"An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.",Schneider Electric,Somachine Hvac Firmware,7.3,HIGH,0.2217700034379959,false,,false,false,false,,,false,false,,2016-07-15T16:00:00.000Z,0
CVE-2014-9200,https://securityvulnerability.io/vulnerability/CVE-2014-9200,,"Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.",Schneider Electric,"Somove,Somove Lite,Somachine,Unity Pro",,,0.35471999645233154,false,,false,false,false,,,false,false,,2015-02-01T15:00:00.000Z,0
CVE-2013-0662,https://securityvulnerability.io/vulnerability/CVE-2013-0662,,Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.,Schneider Electric,"Somachine,Concept,Modbus Serial Driver,Sft2841,Somove,Opc Factory Server,Powersuite,Pl7,Modbuscommdtm Sl,Unity Pro,Twidosuite,Unityloader",,,0.647379994392395,false,,false,false,false,,,false,false,,2014-04-01T06:17:00.000Z,0