Schneider Electric Vulnerabilities
302 results

CVE-2024-2050 [HIGH] [EPSS 0.5%] CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects
CVE-2014-0774 [—] [EPSS 0.5%] Schneider Electric OFS Stack Buffer Overflow
CVE-2025-50125 [MEDIUM] [EPSS 0.5%] A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server
CVE-2022-43378 [MEDIUM] [EPSS 0.5%] A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into pe
CVE-2015-1014 [—] [EPSS 0.5%] A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running
CVE-2025-13901 [MEDIUM] [EPSS 0.5%] CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol whe
CVE-2025-6625 [HIGH] [EPSS 0.5%] CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the
CVE-2023-5986 [HIGH] [EPSS 0.5%] A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross site scr
CVE-2024-8531 [HIGH] [EPSS 0.4%] CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an
CVE-2014-0759 [MEDIUM] [EPSS 0.4%] Schneider Electric Floating License Manager Unquoted Search Path or Element
CVE-2025-1070 [HIGH] [EPSS 0.4%] CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file
CVE-2023-27983 [MEDIUM] [EPSS 0.4%] A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of r
CVE-2025-3898 [HIGH] [EPSS 0.4%] CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS r
CVE-2025-1059 [HIGH] [EPSS 0.4%] CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious pa
CVE-2018-7522 [—] [EPSS 0.4%] In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed
CVE-2022-32517 [MEDIUM] [EPSS 0.4%] A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface u
CVE-2024-6407 [CRITICAL] [EPSS 0.4%] CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to th
CVE-2024-2229 [HIGH] [EPSS 0.4%] CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loa
CVE-2023-5629 [HIGH] [EPSS 0.4%] A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phish
CVE-2022-2988 [MEDIUM] [EPSS 0.4%] A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from