schneider-electric security advisories
27 threat alerts tracking vulnerabilities and security advisories that affect schneider-electric products.
Vulnios monitors schneider-electric CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent schneider-electric security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2021-22763 — schneider-electric — powerlogic_pm5560_firmware, powerlogic_pm5560
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for
criticalCVE-2021-22763Critical Vulnerability: CVE-2021-22765 — schneider-electric — powerlogic_egx100_firmware, powerlogic_egx100
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executio
criticalCVE-2021-22765Critical Vulnerability: CVE-2021-22767 — schneider-electric — powerlogic_egx100_firmware, powerlogic_egx100
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executio
criticalCVE-2021-22767Critical Vulnerability: CVE-2021-22768 — schneider-electric — powerlogic_egx100_firmware, powerlogic_egx100
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executio
criticalCVE-2021-22768Critical Vulnerability: CVE-2021-22779 — schneider-electric — ecostruxure_control_expert, ecostruxure_process_expert
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoSt
criticalCVE-2021-22779Critical Vulnerability: CVE-2018-7790 — schneider-electric — modicon_m221_firmware, modicon_m221
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users
criticalCVE-2018-7790Critical Vulnerability: CVE-2018-7791 — schneider-electric — modicon_m221_firmware, modicon_m221
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unau
criticalCVE-2018-7791Critical Vulnerability: CVE-2020-7489 — schneider-electric — ecostruxure_machine_expert, somachine_basic
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming s
criticalCVE-2020-7489Critical Vulnerability: CVE-2016-4520 — schneider-electric — pelco_digital_sentry_video_management_system_firmware
Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary
criticalCVE-2016-4520Critical Vulnerability: CVE-2015-7921 — schneider-electric — proface_gp-pro_ex_ex-ed, proface_gp-pro_ex_pfxexedls
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for rem
criticalCVE-2015-7921Critical Vulnerability: CVE-2012-0931 — schneider-electric — modicon_quantum_plc
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code
criticalCVE-2012-0931Critical Vulnerability: CVE-2017-14024 — schneider-electric — wonderware_indusoft_web_studio, wonderware_intouch
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The s
criticalCVE-2017-14024Critical Vulnerability: CVE-2017-13997 — schneider-electric — wonderware_indusoft_web_studio, wonderware_intouch
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio prov
criticalCVE-2017-13997Critical Vulnerability: CVE-2017-9957 — schneider-electric — u.motion_builder
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can u
criticalCVE-2017-9957Critical Vulnerability: CVE-2017-7973 — schneider-electric — u.motion_builder
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of
criticalCVE-2017-7973Critical Vulnerability: CVE-2017-7974 — schneider-electric — u.motion_builder
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and
criticalCVE-2017-7974Critical Vulnerability: CVE-2017-9629 — schneider-electric — wonderware_archestra_logger
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identif
criticalCVE-2017-9629Critical Vulnerability: CVE-2017-6034 — schneider-electric — modbus_firmware, modbus
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which m
criticalCVE-2017-6034Critical Vulnerability: CVE-2017-6028 — schneider-electric — modicon_m241_firmware, modicon_m241
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sen
criticalCVE-2017-6028Critical Vulnerability: CVE-2017-6026 — schneider-electric — modicon_m251_firmware, modicon_m251
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Ve
criticalCVE-2017-6026Critical Vulnerability: CVE-2017-7689 — schneider-electric — homelynk_controller_lss100100_firmware, homelynk_controller_lss100100
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
criticalCVE-2017-7689Critical Vulnerability: CVE-2017-7574 — schneider-electric — modicon_tm221ce16r_firmware, modicon_tm221ce16r
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized
criticalCVE-2017-7574Critical Vulnerability: CVE-2017-7575 — schneider-electric — modicon_tm221ce16r_firmware, modicon_tm221ce16r
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus po
criticalCVE-2017-7575Critical Vulnerability: CVE-2017-5178 — schneider-electric — tableau_desktop, tableau_server
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is instal
criticalCVE-2017-5178Critical Vulnerability: CVE-2016-5818 — schneider-electric — powerlogic_pm8ecc_firmware, powerlogic_pm8ecc
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device.
criticalCVE-2016-5818Critical Vulnerability: CVE-2016-5815 — schneider-electric — ion5000, ion7300
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is config
criticalCVE-2016-5815Critical Vulnerability: CVE-2016-8352 — schneider-electric — connexium_firmware, tcsefec23f3f20
An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20
criticalCVE-2016-8352
Track schneider-electric exposure across your environment
Vulnios automatically cross-references your asset inventory against new schneider-electric CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan