Vulnerabilities in Schneider Electric
302 resultsCVE-2023-7032HIGH
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker
logged in with a user level account to gain EPSS 0.4%CVE-2025-54924HIGHCWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker senEPSS 0.4%CVE-2025-54925HIGHCWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker conEPSS 0.4%CVE-2024-10498MEDIUMCWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that
could allow an unauthorized attacEPSS 0.4%CVE-2023-0595MEDIUMA CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious pEPSS 0.4%CVE-2022-32530MEDIUMA CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong seEPSS 0.4%CVE-2023-5987MEDIUM
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
vulnerability that could cause a vulnerability EPSS 0.4%CVE-2023-27982HIGHA CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboardEPSS 0.4%CVE-2023-5985MEDIUM
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability
exists that could cause compromise of a user’s browserEPSS 0.4%CVE-2025-7746MEDIUMCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvaliEPSS 0.4%CVE-2023-25551MEDIUM
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists on a DCE fileEPSS 0.4%CVE-2024-37040MEDIUMCWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability
exists that could allow a user with access to EPSS 0.4%CVE-2023-25553MEDIUM
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists on a DCE enEPSS 0.4%CVE-2025-6438MEDIUMA
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could
cause manipulation of SOAP API callsEPSS 0.4%CVE-2022-34758MEDIUMA CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had acEPSS 0.4%CVE-2022-46680HIGH
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could
cause disclosure of sensitive information, deniaEPSS 0.4%CVE-2022-43376HIGH
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site
Scripting') vulnerability exists that could cause codeEPSS 0.4%CVE-2025-3116HIGHCWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an
authenticated malicious user sends specialEPSS 0.4%CVE-2024-37038HIGHCWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated
user with access to the device’s web interfaceEPSS 0.4%CVE-2014-5407—Schneider Electric VAMPSET Stack-based Buffer OverflowEPSS 0.4%