Vulnerabilities in Schneider Electric
302 results

CVE-2024-5313 (MEDIUM, EPSS 0.4%)
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This do

CVE-2023-25556 (HIGH, EPSS 0.4%)
A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is

CVE-2021-22783 (HIGH, EPSS 0.4%)
A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the door panel is communicating with the door.

CVE-2025-0814 (MEDIUM, EPSS 0.4%)
CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product whe

CVE-2024-5056 (MEDIUM, EPSS 0.3%)
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and p

CVE-2025-2875 (HIGH, EPSS 0.3%)
CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality whe

CVE-2024-12142 (HIGH, EPSS 0.3%)
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restrict

CVE-2024-9005 (HIGH, EPSS 0.3%)
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely de

CVE-2023-28003 (MEDIUM, EPSS 0.3%)
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijac

CVE-2026-1286 (HIGH, EPSS 0.3%)
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote c

CVE-2023-6408 (HIGH, EPSS 0.3%)
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a d

CVE-2025-50123 (HIGH, EPSS 0.3%)
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a pri

CVE-2026-4827 (HIGH, EPSS 0.3%)
Insufficient Entropy vulnerability on Multiple Products

CVE-2022-32747 (HIGH, EPSS 0.3%)
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitat

CVE-2024-0568 (HIGH, EPSS 0.3%)
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communicatio

CVE-2023-5984 (HIGH, EPSS 0.3%)
A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorize

CVE-2025-13845 (HIGH, EPSS 0.3%)
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file)

CVE-2024-12703 (HIGH, EPSS 0.3%)
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote c

CVE-2026-6865 (HIGH, EPSS 0.3%)
Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products

CVE-2022-30237 (HIGH, EPSS 0.3%)
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an att