Vulnerabilidades en Schneider Electric
302 resultadosCVE-2025-2223HIGHCWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and
Availability of engineeringEPSS 0.2%CVE-2023-27975HIGH
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized
access to the project file in EcoStruxure EPSS 0.1%CVE-2024-5679HIGHCWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or
kernel memory leak when a malicious actor witEPSS 0.1%CVE-2023-1548MEDIUM
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to
perform a denial of service through the consEPSS 0.1%CVE-2024-5680HIGHCWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local EPSS 0.1%CVE-2014-2381—Schneider Electric Wonderware Inadequate Encryption StrengthEPSS 0.1%CVE-2024-10083MEDIUMCWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering
workstation when specific driver inEPSS 0.1%CVE-2022-32748HIGHA CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when usingEPSS 0.1%CVE-2025-13844HIGHCWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD fiEPSS 0.1%CVE-2025-3899MEDIUMCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
exists in Certificates page on WeEPSS 0.1%CVE-2022-41666HIGHA CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load EPSS 0.1%CVE-2026-1226HIGHCWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the apEPSS 0.1%CVE-2026-6332MEDIUMClear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVACEPSS 0.1%CVE-2025-11565HIGHCWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated systemEPSS 0.1%CVE-2024-8070HIGHCWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test
credentials in the firmware binaryEPSS 0.1%CVE-2022-41669HIGHA CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with loEPSS 0.1%CVE-2024-5558MEDIUMCWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could
cause escalation of privileges when an attacker aEPSS 0.1%CVE-2025-11567HIGHCWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is nEPSS 0.1%CVE-2026-1227HIGHCWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files,EPSS 0.1%CVE-2026-9651MEDIUMCWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and EPSS 0.1%