Vulnerabilidades en Schneider Electric
302 resultadosCVE-2025-3905MEDIUMCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
exists impacting PLC system variaEPSS 0.2%CVE-2022-32516HIGHA CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop EPSS 0.2%CVE-2026-2405MEDIUMCWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of seEPSS 0.2%CVE-2023-27977MEDIUMA CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files inEPSS 0.2%CVE-2026-9718MEDIUMCWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impactEPSS 0.2%CVE-2023-27979MEDIUMA CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in EPSS 0.2%CVE-2024-5681HIGHCWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service,
privilege escalation, and potentially kerneEPSS 0.2%CVE-2023-6407MEDIUM
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability exists that could cause arbitrary fiEPSS 0.2%CVE-2024-0865HIGHCWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege
escalation when logged in as a non-administratiEPSS 0.2%CVE-2025-8449MEDIUMCWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specEPSS 0.2%CVE-2026-8045HIGHCWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side fiEPSS 0.2%CVE-2024-5557MEDIUMCWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause
exposure of SNMP credentials when an attackeEPSS 0.2%CVE-2023-6409HIGH
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized
access to a project file protected with applicatiEPSS 0.2%CVE-2026-2400MEDIUMCWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reEPSS 0.2%CVE-2024-11139MEDIUMCWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that
could allow local attackers to exEPSS 0.2%CVE-2026-2273HIGHCWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on thEPSS 0.2%CVE-2025-1060HIGHCWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure
of data when network trafficEPSS 0.2%CVE-2025-0816HIGHCWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the
product when malicious IPV6 packets are senEPSS 0.2%CVE-2025-0815HIGHCWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the
product when malicious ICMPV6 packets are sEPSS 0.2%CVE-2025-13902MEDIUMCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition EPSS 0.2%