2026/03/13 | Deserialization of Untrusted Data vulnerability on EcoStruxure™ Foxboro DCS | CVE-2026-1286 | CWE-502: Deserialization of Untrusted Data | EcoStruxure™ Foxboro DCS (Versions prior to CS8.1) | ||
2026/03/10 | Improper Resource Shutdown or Release vulnerability in Multiple Products | CVE-2025-13901 | CWE-404 Improper Resource Shutdown or Release | Modicon M241/M251 (Versions prior to 5.4.13.12) Modicon M262 (Versions prior to 5.4.10.12) | ||
2026/03/10 | Improper Neutralization vulnerability in Multiple Products | CVE-2025-13902 | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Modicon Controllers M241/M251 (Versions prior to 5.4.13.12) Modicon Controllers M258/LMC058 (All versions) | ||
2026/03/10 | Improper Control of Generation of Code ('Code Injection') vulnerability on EcoStruxure™ Automation Expert | CVE-2026-2273 | CWE-94: Improper Control of Generation of Code ('Code Injection') | EcoStruxure™ Automation Expert (Versions prior to v25.0.1) | ||
2026/03/10 | Use of Hard-coded Credentials vulnerability in EcoStruxure™ IT Data Center Expert | CVE-2025-13957 | CWE-798: Use of Hard-coded Credentials | EcoStruxure™ IT Data Center Expert (Formerly known as StruxureWare Data Center Expert) (v9.0 and prior) | ||
2026/03/10 | Deserialization of Untrusted Data vulnerability on Multiple Products | CVE-2025-11739 | CWE-502: Deserialization of Untrusted Data | EcoStruxure™ Power Monitoring Expert (PME) (Version 2022, Version 2023, Version 2023 R2, Version 2024, & Version 2024 R2) EcoStruxure™ Power Operation (EPO) Advanced Reporting and Dashboards Module (Version 2022 & Version 2024) | ||
2026/03/10 | FlexNet Publisher Vulnerability | CVE-2024-2658 | Schneider Electric is aware of a vulnerability disclosed on Revenera FlexNet Publisher component. | EcoStruxure™ Control Expert (Versions prior to v16.2) EcoStruxure™ Process Expert (Versions prior to 2023 v4.8.0.5715) EcoStruxure™ Process Expert for AVEVA System Platform (All versions) EcoStruxure™ OPC UA Server Expert (All versions) EcoStruxure™ Control Expert Asset Link (Versions prior to v4.0 SP1) EcoStruxure™ Machine SCADA Expert Asset Link (All versions) EcoStruxure™ Architecture Builder (Versions prior to v7.0.18) EcoStruxure™ Operator Terminal Expert (Versions prior to v4.0) Pro-face BLUE (Versions prior to v4.0) Vijeo Designer (Version prior to v6.3SP1 HF1) EcoStruxure™ Machine Expert (Versions prior to v2.5.0.1) EcoStruxure™ Machine Expert Safety (All versions) EcoStruxure™ Machine Expert Twin (Versions prior to v2.3) Zelio Soft 2 (Versions prior to v5.4.3) | ||
2026/03/10 | Multiple Third-Party Vulnerabilities on ProLeiT Plant iT/Brewmaxx | CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 | Schneider Electric is aware of a third-party vulnerability affecting the ProLeiT Plant iT/Brewmaxx product. | Plant iT/Brewmaxx (v9.60 and above) | ||
2026/03/10 | Multiple Vulnerabilities on EcoStruxure™ Power Build Rapsody | CVE-2025-13844 CVE-2025-13845 | CWE-415: Double Free CWE-416: Use After Free | EcoStruxure™ Power Build Rapsody software (See Security Notification for versions affected) | ||
2026/02/10 | Improper Check for Unusual or Exceptional Conditions on Multiple Products | CVE-2026-0667 | CWE-754: Improper Check for Unusual or Exceptional Conditions | SCADAPack™ 47x & SCADAPack™ 47xi (Versions prior to R3.4.2) (Firmware version prior to 9.12.2) SCADAPack™ 57x (All Versions) | SEVD-2026-041-01 PDF | SEVD-2026-041-01 CSAF |
2026/02/10 | Multiple Vulnerabilities on EcoStruxure™ Building Operation Workstation and EcoStruxure™ Building Operation Webstation | CVE-2026-1226 | CWE-611: Improper Restriction of XML External Entity Reference | EcoStruxure™ Building Operation Workstation & EcoStruxure™ Building Operation | SEVD-2026-041-02 PDF | SEVD-2026-041-02 CSAF |
2026/02/10 | Multiple Third-Party Vulnerabilities on EcoStruxure™ Power Operation | CVE-2023-50447, | Schneider Electric is aware of a third-party vulnerability disclosed on the PostgreSQL pgadmin tool. | EcoStruxure™ Power Operation (EPO) 2022 (CU6 and prior) | SEVD-2025-189-03 (V2.0) PDF | SEVD-2025-189-03 (V2.0) CSAF |
2026/02/10 | EcoStruxure™ Foxboro DCS | CVE-2018-12130 | Schneider Electric is aware of a third-party vulnerability disclosed on Intel Xeon Silver 4110 and Intel Xeon W-2123 | EcoStruxure™ Foxboro DCS V91 DCS Virtualization Server, H90 DCS Server, and H92 DCS Standard Workstation (Versions Intel Xeon Silver 4110 (V91, H90), Intel Xeon W 2123 (H92) and prior) | SEVD-2025-343-01 (V2.0) PDF | SEVD-2025-343-01 (V2.0) CSAF |
2026/02/10 | Improper Input Validation Vulnerability in Uni-Telway Driver | CVE-2024-10083 | CWE-20: Improper Input Validation | Uni-Telway driver (All versions) | SEVD-2025-042-02 (V3.1) PDF | SEVD-2025-042-02 (V3.1) CSAF |
2026/01/13 | Incorrect Default Permissions Vulnerability on EcoStruxure™ Process Expert | CVE-2025-13905 | CWE-276: Incorrect Default Permissions | EcoStruxure™ Process Expert (Versions prior to 2025) | SEVD-2026-013-02 PDF | SEVD-2026-013-02 CSAF |
2026/01/13 | Multiple Third-Party Vulnerabilities on Zigbee Products | CVE-2024-6351 | Schneider Electric is aware of a third-party vulnerability disclosed on Silicon Labs’ Zigbee processors. | See Security Notification for offer specific information. | SEVD-2026-013-03 PDF | SEVD-2026-013-03 CSAF |
2026/01/13 | Modicon Controllers M340 / Momentum / MC80 | CVE-2024-8936 CVE-2024-8937 CVE-2024-8938 | CWE-20: Improper Input Validation | Modicon M340 CPU (part numbers BMXP34*) | SEVD-2024-317-03 (V3.0) PDF | SEVD-2024-317-03 (V3.0) CSAF |
2026/01/13 | RemoteConnect and SCADAPack x70 Utilities | CVE-2024-12703 | CWE-502: Deserialization of untrusted data | RemoteConnect and SCADAPack™ x70 Utilities - RemoteConnect (Versions prior to R3.4.2) | SEVD-2025-014-06 (V2.0) PDF | SEVD-2025-014-06 (V2.0) CSAF |
2025/12/09 | EcoStruxure™ Foxboro DCS Advisor | CVE-2025-59287 | Schneider Electric is aware of a third-party vulnerability disclosed on EcoStruxure™ Foxboro DCS Advisor | EcoStruxure™ Foxboro DCS Advisor services with Windows Server Update Services application running on MS Server 2016 (Microsoft updates KB5066836) | SEVD-2025-343-02 PDF | SEVD-2025-343-02 CSAF |
2025/12/09 | Multiple Altivar Process Drives and Communication Modules | CVE-2025-7746 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ATV630/650/660/680/6A0/6B0/6L0 Altivar Process Drives (Versions prior to v4.5) | SEVD-2025-252-01 (V3.0) PDF | SEVD-2025-252-01 (V3.0) CSAF |
2025/11/11 | PowerChute™ Serial Shutdown | CVE-2025-11565 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | PowerChute™ Serial Shutdown (Versions v1.3 and prior) | SEVD-2025-315-01 PDF | SEVD-2025-315-01 CSAF |
2025/11/11 | EcoStruxure™ Machine SCADA Expert & Pro-face BLUE Open Studio | CVE-2025-9317 | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | EcoStruxure™ Machine SCADA Expert (Versions prior to 2023.1 Patch 1) | SEVD-2025-315-02 PDF | SEVD-2025-315-02 CSAF |
2025/11/11 | CODESYS Runtime Vulnerabilities | CVE-2022-47378 | Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS runtime system V3 communication server. | Easy Harmony HMIET6/HMIFT6 | SEVD-2023-192-04 (V8.0) PDF | SEVD-2023-192-04 (V8.0) CSAF |
2025/11/11 | Saitel DR & Saitel DP Remote Terminal Unit | CVE-2025-8453 | CWE-269: Improper Privilege Management | Saitel DR RTU Versions 11.06.29 and prior | SEVD-2025-224-01 (V2.0) PDF | SEVD-2025-224-01 (V2.0) CSAF |
2025/11/11 | EcoStruxure™ Power Monitoring Expert Software & EcoStruxure™ Power Operation (EPO) and EcoStruxure™ Power SCADA Operation (PSO) | CVE-2025-54923 | CWE-502: Deserialization of Untrusted Data | EcoStruxure™ Power Monitoring Expert (PME) (Version 2022, Version 2023, Version 2023 R2, Version 2024, Version 2024 R2) | SEVD-2025-224-02 (V3.0) PDF | SEVD-2025-224-02 (V3.0) CSAF |
2025/10/14 | EcoStruxure™ OPC UA Server Expert and EcoStruxure™ Modicon Communication Server | CVE-2024-10085 | CWE-770: Allocation of Resources Without Limits or Throttling | EcoStruxure™ OPC UA Server Expert (Versions prior to SV2.01 SP3) | SEVD-2025-287-01 PDF | SEVD-2025-287-01 CSAF |
2025/10/14 | Modicon Controllers M241 / M251, M258 / LMC058 and M262 | CVE-2024-6528 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Modicon Controllers M241 / M251 (Versions prior to v5.2.11.24) | SEVD-2024-191-04 (V3.0) PDF | SEVD-2024-191-04 (V3.0) CSAF |
2025/10/14 | Modicon M241 / M251 / M258 / LMC058 | CVE-2024-11737 | CWE-20: Improper Input Validation | Modicon Controllers M241 / M251 (Versions prior to v5.2.11.29) | SEVD-2024-345-03 (V3.0) PDF | SEVD-2024-345-03 (V3.0) CSAF |
2025/10/14 | Modicon Controllers M241 / M251 / M258 / LMC058 | CVE-2025-2875 | CWE-610: Externally Controlled Reference to a Resource in Another Sphere | Modicon Controllers M241 / M251 (Versions prior to v5.3.12.48) | SEVD-2025-133-01 (V3.0) PDF | SEVD-2025-133-01 (V3.0) CSAF |
2025/09/09 | Saitel DR & Saitel DP Remote Terminal Unit | CVE-2025-9996 | CWE-78: Improper Neutralization of Special Elements used in an OS Command | Saitel DR RTU (Versions 11.06.29 and prior) | SEVD-2025-252-02 PDF | SEVD-2025-252-02 CSAF |
2025/09/09 | BadAlloc Vulnerabilities | CVE-2020-28895 | Schneider Electric is aware of multiple memory allocation vulnerabilities dubbed ‘BadAlloc’, disclosed by Microsoft on April 29, 2021. The impact of a successful exploitation of the vulnerabilities may result in denial of service, or remote code execution, depending on the context. | See Security Notification for offer specific information. | SEVD-2021-313-05 (V28.0) PDF | SEVD-2021-313-05 (V28.0) CSAF |
2025/09/09 | Pro-face GP-Pro EX and Remote HMI | CVE-2024-12399 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel | Pro-face GP-Pro EX (Versions prior to v5.00.100) | SEVD-2025-014-02 (V2.0) PDF | SEVD-2025-014-02 (V2.0) CSAF |
2025/09/09 | Galaxy VS, Galaxy VL, Galaxy VXL | | Schneider Electric is aware of a vulnerability disclosed on the Erlang/OTP’s SSH Server component used in Schneider Electric Galaxy VS, VL, and VXL. | Galaxy VS (v6.118.0 and prior) | SEVD-2025-133-05 (V2.0) PDF | SEVD-2025-133-05 (V2.0) CSAF |
2025/09/09 | EcoStruxure™ Building Operation Enterprise Server, EcoStruxure™ Building Operation Enterprise Central, and EcoStruxure™ Workstation | CVE-2025-8448 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | EcoStruxure™ Building Operation Enterprise Server | SEVD-2025-224-04 (V2.0) PDF | SEVD-2025-224-04 (V2.0) CSAF |
2025/08/12 | Schneider Electric Software Update | CVE-2025-5296 | CWE-59: Improper Link Resolution Before File Access ('Link Following') | SESU (Versions prior to v3.0.12) | SEVD-2025-224-03 PDF | SEVD-2025-224-03 CSAF |
2025/08/12 | Modicon M340 Controller and Communication Modules | CVE-2025-6625 | CWE-20: Improper Input Validation | Modicon M340 (All versions) | SEVD-2025-224-05 PDF | SEVD-2025-224-05 CSAF |
2025/08/12 | Web Server on Modicon M340 and BMXNOE0100/0110, BMXNOR0200H Communication Modules | CVE-2024-12142 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Modicon M340 processors (part numbers BMXP34*) | SEVD-2025-014-05 (V2.0) PDF | SEVD-2025-014-05 (V2.0) CSAF |
2025/08/12 | Wind River VxWorks DHCP Server Vulnerability | | Schneider Electric is aware of a vulnerability within the VxWorks Operating System from Wind River. | Modicon M580 communication modules BMENOC | SEVD-2025-014-03 (V3.0) PDF | SEVD-2025-014-03 (V3.0) CSAF |
2025/08/12 | Modicon M340, | CVE-2024-5056 | CWE-552: Files or Directories Accessible to External Parties | Modicon M340 (All Versions) | SEVD-2024-163-01 (V2.0) PDF | SEVD-2024-163-01 (V2.0) CSAF |
2025/07/08 | EcoStruxure™ IT Data Center Expert | CVE-2025-6438 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | EcoStruxure™ IT Data Center Expert Versions 8.3 and prior (Versions 8.3 and prior) | SEVD-2025-189-01 PDF | SEVD-2025-189-01 CSAF |
2025/07/08 | System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs | | Schneider Electric is aware of a third-party vulnerability disclosed by GitHub affecting the jQuery component used in its HMI products. | System Monitor application in Harmony Industrial PC HMIBMO/HMIBMI/ HMIPSO/HMIBMP/ HMIBMU/HMIPSP/HMIPEP series (All versions) | SEVD-2025-189-02 PDF | SEVD-2025-189-02 CSAF |
2025/07/08 | EcoStruxure™ Power Monitoring Expert (PME) and EcoStruxure™ Power Operation (EPO) with Advanced Reporting and Dashboards | CVE-2025-6788 | CWE-668: Exposure of Resource to Wrong Sphere | EcoStruxure™ Power Monitoring Expert (PME) (Version 2023, Version 2023 R2, Version 2024, Version 2024 R2) | SEVD-2025-189-04 PDF | SEVD-2025-189-04 CSAF |
2025/07/08 | EVLink WallBox | CVE-2025-5740 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | EVLink WallBox (All versions) | SEVD-2025-161-03 (V1.1) PDF | SEVD-2025-161-03 (V1.1) CSAF |
2025/07/08 | Modicon Controllers M241/M251/M258/LMC058/M262 | CVE-2025-3112 | CWE-20: Improper Input Validation | Modicon Controllers M241/M251 | SEVD-2025-161-02 (V2.0) PDF | SEVD-2025-161-02 (V2.0) CSAF |
2025/07/08 | Vijeo Designer | CVE-2024-6918 | CWE-269: Improper Privilege Management | Vijeo Designer (Versions prior to V6.3 SP1) | SEVD-2024-254-01 (V2.0) PDF | SEVD-2024-254-01 (V2.0) CSAF |
2025/06/10 | Insight Home and Insight Facility | | Schneider Electric is aware of a vulnerability in a third-party Real-Time Operating System (RTOS) component utilized in the Insight Home and Insight Facility products. | Insight Home, Insight Facility (All versions) | SEVD-2025-161-01 PDF | SEVD-2025-161-01 CSAF |
2025/05/13 | Wiser Home Automation | | Schneider Electric is aware of a vulnerability disclosed in the Silicon Labs Gecko Bootloader used in the Wiser AvatarOn 6K Freelocate and Wiser Cuadro H 5P Socket products. | Wiser AvatarOn 6K Freelocate (All versions) | SEVD-2025-133-02 PDF | SEVD-2025-133-02 CSAF |
2025/05/13 | EcoStruxure™ Power Build Rapsody | CVE-2025-3916 | CWE-121: Stack-based Buffer Overflow | EcoStruxure™ Power Build Rapsody software (v2.7.12 FR and prior) | SEVD-2025-133-03 PDF | SEVD-2025-133-03 CSAF |
2025/05/13 | PrismaSeT Active - Wireless Panel Server | | Schneider Electric is aware of a vulnerability disclosed in the Silicon Labs Gecko Bootloader used in the PrismaSet Active – Wireless Panel Server. | PrismaSeT Active - Wireless Panel Server (All versions) | SEVD-2025-133-04 PDF | SEVD-2025-133-04 CSAF |
2025/05/13 | ConneXium Network Manager | CVE-2025-2222 | CWE-20: Improper Input Validation | ConneXium Network Manager | SEVD-2025-098-01 (V1.1) PDF | SEVD-2025-098-01 (V1.1) CSAF |
2025/05/13 | EcoStruxure™ Power Build Rapsody | CVE-2024-11139 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | EcoStruxure™ Power Build Rapsody | SEVD-2025-014-09 (V2.0) PDF | SEVD-2025-014-09 (V2.0) CSAF |
2025/04/08 | Trio™ Q Licensed Data Radios | CVE-2025-2440 | CWE-922: Insecure Storage of Sensitive Information | Trio™ Q Licensed Data Radio (Versions prior to v2.7.2) | SEVD-2025-098-02 PDF | SEVD-2025-098-02 CSAF |
2025/04/08 | Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC | CVE-2024-11425 | CWE-131: Incorrect Calculation of Buffer Size | Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) | SEVD-2025-014-01 (V2.0) PDF | SEVD-2025-014-01 (V2.0) CSAF |
2025/03/11 | EcoStruxure™ Panel Server | CVE-2025-2002 | CWE-532: Insertion of Sensitive Information into Log Files | EcoStruxure™ Panel Server (v2.0 and prior) | SEVD-2025-070-01 PDF | SEVD-2025-070-01 CSAF |
2025/03/11 | EPAS-UI & EcoSUI | CVE-2025-0813 | CWE-287: Improper Authentication | EcoStruxure™ Power Automation System User Interface (EPAS-UI) - Secured Versions (v2.1 up to and including v2.9) | SEVD-2025-070-02 PDF | SEVD-2025-070-02 CSAF |
2025/03/11 | WebHMI Component For EcoStruxure™ Power Automation System User Interface and EcoStruxure™ Microgrid Operation Large | | CWE-1188: Initialization of a Resource with an Insecure Default | WebHMI – Deployed with EcoStruxure™ Power Automation System (WebHMI v4.1.0.0 and prior when deployed with EPAS User Interface 2.6.30.19 and prior) | SEVD-2025-070-03 PDF | SEVD-2025-070-03 CSAF |
2025/03/11 | EcoStruxure™ Power Monitoring Expert (PME) | CVE-2024-9005 | CWE-502: Deserialization of Untrusted Data | EcoStruxure™ Power Monitoring Expert (PME) (Version 2022 and prior) | SEVD-2024-282-05 (V1.1) PDF | SEVD-2024-282-05 (V1.1) CSAF |
2025/02/11 | ASCO 5310 / 5350 Remote Annunciator | CVE-2025-1058 | CWE-319: Cleartext Transmission of Sensitive Information | ASCO 5310 Single-Channel Remote Annunciator (All versions) | SEVD-2025-042-01 PDF | SEVD-2025-042-01 CSAF |
2025/02/11 | EcoStruxure™ Process Expert, EcoStruxure™ Process Expert for AVEVA System Platform | CVE-2025-0327 | CWE-269: Improper Privilege Management | EcoStruxure™ Process Expert (Versions 2020R2, 2021 & 2023 (prior to v4.8.0.5715)) | SEVD-2025-042-03 PDF | SEVD-2025-042-03 CSAF |
2025/02/11 | Enerlin’X IFE and eIFE | CVE-2025-0816 | CWE-20: Improper Input Validation | Enerlin’X IFE interface (LV434001) (All versions) | SEVD-2025-042-04 PDF | SEVD-2025-042-04 CSAF |
2025/02/11 | Modicon Controllers | CVE-2018-7842 | CWE-125: Out-of-bounds Read | Modicon M340 | SEVD-2019-134-11 (V12.0) PDF | SEVD-2019-134-11 (V12.0) CSAF |
2025/01/14 | Web Designer for Modicon Communication Modules | CVE-2024-12476 | CWE-611: Improper Restriction of XML External Entity Reference | Web Designer for BMXNOR0200H | SEVD-2025-014-04 PDF | SEVD-2025-014-04 CSAF |
2025/01/14 | PowerLogic™ HDPM6000 High-Density Metering System | CVE-2024-10497 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | PowerLogic™ HDPM6000 Version v0.62.7 only (CVE-2024-10497) | SEVD-2025-014-08 PDF | SEVD-2025-014-08 CSAF |
2024/12/10 | PowerChute Serial Shutdown | CVE-2024-10511 | CWE-287: Improper Authentication | PowerChute Serial Shutdown (Versions v1.2.0.301 and prior) | SEVD-2024-345-01 PDF | SEVD-2024-345-01 CSAF |
2024/12/10 | Harmony HMI and Pro-face HMI products | CVE-2024-11999 | CWE-1104: Use of Unmaintained Third-Party Components | Harmony (Formerly Magelis) HMIST6, HMISTM6, HMIG3U, HMIG3X, HMISTO7 series with EcoStruxure™ Operator Terminal Expert runtime (All versions) | SEVD-2024-345-02 PDF | SEVD-2024-345-02 CSAF |
2024/11/12 | PowerLogic PM5300 Series | CVE-2024-9409 | CWE-400: An Uncontrolled Resource Consumption | PowerLogic PM5320 | SEVD-2024-317-01 PDF | SEVD-2024-317-01 CSAF |
2024/11/12 | Modicon Controllers M340 / Momentum / MC80 | CVE-2024-8933 | CWE-290: Authentication Bypass by Spoofing | Modicon M340 CPU (part numbers BMXP34*) | SEVD-2024-317-02 PDF | SEVD-2024-317-02 CSAF |
2024/11/12 | EcoStruxure™ IT Gateway | CVE-2024-10575 | CWE-862: Missing Authorization | EcoStruxure™ IT Gateway (Versions 1.21.0.6, 1.22.0.3, 1.22.1.5, 1.23.0.4) | SEVD-2024-317-04 PDF | SEVD-2024-317-04 CSAF |
2024/11/12 | PowerLogic PM55xx and PowerLogic PM8ECC | CVE-2021-22763 | CWE-640: Weak Password Recovery Mechanism for Forgotten Password | PM5560 | SEVD-2021-159-02 (V2.0) PDF | SEVD-2021-159-02 (V2.0) CSAF |
2024/10/08 | Data Center Expert | CVE-2024-8531 | CWE-347: Improper Verification of Cryptographic Signature | Data Center Expert (Versions 8.1.1.3 and prior) | SEVD-2024-282-01 PDF | SEVD-2024-282-01 CSAF |
2024/10/08 | Harmony iPC – HMIBSC IIoT Edge Box Core | | The third-party Yocto OS (v2.1 Krogoth) is used in the HMIBSC offer. It is known to contain multiple high and critical risk vulnerabilities. Schneider Electric cannot update the OS on the HMIBSC due to its hardware limitations and cannot provide further security updates to our customers. | Harmony iPC – HMIBSC IIoT Edge Box Core | SEVD-2024-282-02 PDF | SEVD-2024-282-02 CSAF |
2024/10/08 | Easergy Studio | CVE-2024-9002 | CWE-269: Improper Privilege Management | Easergy Studio (Versions 9.3.1 and prior) | SEVD-2024-282-03 PDF | SEVD-2024-282-03 CSAF |
2024/10/08 | EVlink Home Smart and Schneider Charge | CVE-2024-8070 | CWE-312: Cleartext Storage of Sensitive Information | EVlink Home Smart (All versions prior to 2.0.6.0.0) | SEVD-2024-282-04 PDF | SEVD-2024-282-04 CSAF |
2024/10/08 | Zelio Soft 2 | CVE-2024-8422 | CWE-416: Use After Free | Zelio Soft 2 (Versions prior to 5.4.2.2) | SEVD-2024-282-06 PDF | SEVD-2024-282-06 CSAF |
2024/10/08 | System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs | CVE-2024-8884 | CWE-200: Information Exposure | System Monitor application in Harmony Industrial PC HMIBMO/HMIBMI/HMIPSO/HMIBMP/HMIBMU/HMIPSP/HMIPEP series (All versions) | SEVD-2024-282-07 PDF | SEVD-2024-282-07 CSAF |
2024/10/08 | EcoStruxure EV Charging Expert | | The third-party Yocto Krogoth 2.1 Operating System is used in the EcoStruxure EV Charging Expert product. It is known to contain multiple high and critical severity vulnerabilities. | EcoStruxure EV Charging Expert (All versions prior to V6.0.0) | SEVD-2024-282-08 PDF | SEVD-2024-282-08 CSAF |
2024/10/08 | Modicon M340 Controller and Communication Modules | CVE-2022-0222 | CWE-269: Improper Privilege Management | Modicon M340 CPUs (BMXP34* versions prior to v3.50) | SEVD-2022-102-02 (V3.1) PDF | SEVD-2022-102-02 (V3.1) CSAF |
2024/09/10 | EcoStruxure™ Power Monitoring Expert and EcoStruxure™ Power Operation or EcoStruxure™ Power SCADA Operation with Advanced Reporting and Dashboards | CVE-2024-8401 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | EcoStruxure™ Power Monitoring Expert (PME) 2021 | SEVD-2024-254-02 PDF | SEVD-2024-254-02 CSAF |
2024/09/10 | PowerLogic P5 | CVE-2024-5559 | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | PowerLogic P5 (v01.500.104 and prior) | SEVD-2024-163-02 (V1.2) PDF | SEVD-2024-163-02 (V1.2) CSAF |
2024/09/10 | EcoStruxure™ Power Monitoring Expert | CVE-2023-28003 | CWE-613: Insufficient Session Expiration | EcoStruxure™ Power Monitoring Expert 2022 | SEVD-2023-073-01 (V3.0) PDF | SEVD-2023-073-01 (V3.0) CSAF |
2024/08/13 | Accutech Manager | CVE-2024-6918 | CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Accutech Manager (Versions 2.8.0.0 and prior) | SEVD-2024-226-01 PDF | SEVD-2024-226-01 CSAF |
2024/08/13 | Modicon Controllers | CVE-2019-6841 | CWE-755: Improper Handling of Exceptional Conditions | Modicon M580 (part numbers BMEP* & BMEH*, excluding M580 CPU Safety) | SEVD-2019-281-02 (V7.0) PDF | SEVD-2019-281-02 (V7.0) CSAF |
2024/08/13 | EcoStruxure™ Machine SCADA Expert / BLUE Open Studio | | Schneider Electric is aware of a vulnerability disclosed on AVEVA component used in EcoStruxure™ Machine SCADA Expert and BLUE Open Studio products. | EcoStruxure™ Machine SCADA Expert (Version prior to 2020 SP3 HF1) | SEVD-2024-226-02 PDF | SEVD-2024-226-02 CSAF |
2024/08/13 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 Safety PLCs | CVE-2023-6408 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel | Modicon M340 CPU (part numbers BMXP34*) | SEVD-2024-044-01 (V2.0) PDF | SEVD-2024-044-01 (V2.0) CSAF |
2024/08/13 | EcoStruxure™ OPC UA Server Expert, Modicon Communication Server | CVE-2023-37200 | CWE-611: Improper Restriction of XML External Entity Reference | EcoStruxure™ OPC UA Server Expert (Versions prior to SV2.01 SP2) | SEVD-2023-192-02 (V2.0) PDF | SEVD-2023-192-02 (V2.0) CSAF |
2024/08/13 | Modicon PLCs (Programmable Logic Controllers) and PACs (Programmable Automation Controllers) | CVE-2023-25619 | CWE-754: Improper Check for Unusual or Exceptional Conditions | Modicon M340 CPU (part numbers BMXP34*) | SEVD-2023-101-05 (V4.0) PDF | SEVD-2023-101-05 (V4.0) CSAF |
2024/08/13 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 CPU Safety | CVE-2022-45789 | CWE-294: Authentication Bypass by Capture-replay vulnerability. | EcoStruxure™ Control Expert | SEVD-2023-010-06 (V5.0) PDF | SEVD-2023-010-06 (V5.0) CSAF |
2024/08/13 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon PLCs (Programmable Logic Controllers) and PACs (Programmable Automation Controllers) | CVE-2022-45788 | CWE-754: Improper Check for Unusual or Exceptional Conditions | Modicon Controllers M241 / M251 | SEVD-2023-010-05 (V6.0) PDF | SEVD-2023-010-05 (V6.0) CSAF |
2024/08/13 | Modicon PAC Controllers | CVE-2021-22786 | CWE-200: Information Exposure | Modicon M340 CPU (part numbers BMXP34*) | SEVD-2022-221-04 (V5.0) PDF | SEVD-2022-221-04 (V5.0) |
2024/08/13 | Modicon PAC Controllers | CVE-2022-37301 | CWE-191: Integer Underflow (Wrap or Wraparound) | Modicon M340 CPU (part numbers BMXP34*) | SEVD-2022-221-02 (V5.0) PDF | SEVD-2022-221-02 (V5.0) CSAF |
2024/08/13 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, and Modicon Controllers M580 and M340 | CVE-2022-37300 | CWE-640: Weak Password Recovery Mechanism for Forgotten Password | EcoStruxure™ Control Expert Including all Unity Pro versions (former name of EcoStruxure™ Control Expert) | SEVD-2022-221-01 (V5.0) PDF | SEVD-2022-221-01 (V5.0) CSAF |
2024/08/13 | Modicon PAC Controllers and PLC Simulator for EcoStruxure™ Control Expert and EcoStruxure™ Process Expert | CVE-2021-22789 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | Modicon M580 CPU (part numbers BMEP* and BMEH*) | SEVD-2021-222-04 (V7.0) PDF | SEVD-2021-222-04 (V7.0) CSAF |
2024/08/13 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, SCADAPack RemoteConnect™ x70, and Modicon Controllers M580 and M340 | CVE-2021-22778 | CWE-311: Missing Encryption of Sensitive Data | EcoStruxure™ Control Expert | SEVD-2021-194-01 (V9.0) PDF | SEVD-2021-194-01 (V9.0) CSAF |
2024/08/13 | Embedded FTP Servers for Modicon PAC Controllers | CVE-2018-7240 | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | Modicon M340 | SEVD-2018-081-01 (V9.0) PDF | SEVD-2018-081-01 (V9.0) |
2024/03/12 | ISaGRAF Vulnerabilities in IEC 61131-3 Programming and Engineering Tools | CVE-2020-25176 | Schneider Electric is aware of multiple vulnerabilities in ISaGRAF Workbench and ISaGRAF Runtime products. | Easergy T300 | SEVD-2021-159-04 (V7.0) PDF | SEVD-2021-159-04 (V7.0) CSAF |
2024/07/09 | Wiser Home Controller WHC-5918A | CVE-2024-6407 | CWE-200: Information Exposure | Wiser Home Controller WHC-5918A | SEVD-2024-191-01 PDF | SEVD-2024-191-01 CSAF |
2024/07/09 | EcoStruxure™ Foxboro DCS Core Control Services | CVE-2024-5679 | CWE-20: Improper Input Validation | EcoStruxure™ Foxboro DCS Core Control Services (Versions 9.8 and prior) | SEVD-2024-191-02 PDF | SEVD-2024-191-02 CSAF |
2024/07/09 | EcoStruxure™ Foxboro SCADA FoxRTU Station | CVE-2024-2602 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | FoxRTU Station (All versions prior to v9.3.0) | SEVD-2024-191-03 PDF | SEVD-2024-191-03 CSAF |
2024/07/09 | Sage RTU | CVE-2024-5560 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | Sage 1410 (Versions C3414-500-S02K5_P8 and prior) | SEVD-2024-163-05 (V2.0) PDF | SEVD-2024-163-05 (V2.0) CSAF |
2024/06/11 | EVlink Home Smart | CVE-2024-5313 | CWE-668: Exposure of Resource to Wrong Sphere | EVlink Home Smart (v2.0.4.1.2_131, v2.0.3.8.2_128) | SEVD-2024-163-03 PDF | SEVD-2024-163-03 CSAF |
2024/06/11 | SpaceLogic AS-P and AS-B Automation Servers | CVE-2024-5558 | CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition | SpaceLogic AS-P (v5.0.3 and prior) | SEVD-2024-163-04 PDF | SEVD-2024-163-04 CSAF |
2024/06/11 | Easy UPS Online Monitoring Software | CVE-2023-29411 | CWE-306: Missing Authentication for Critical Function | APC Easy UPS Online Monitoring Software (v2.5-GA-01-22320 and prior (Windows 10, 11 Windows Server 2016, 2019, 2022)) | SEVD-2023-101-04 (V4.0) PDF | SEVD-2023-101-04 (V4.0) CSAF |
2024/04/09 | Easergy Studio | CVE-2024-2747 | CWE-428: Unquoted search path or element vulnerability | Easergy Studio (Easergy Studio v9.3.3 and prior) | SEVD-2024-100-01 PDF | SEVD-2024-100-01 CSAF |
2024/04/09 | Trio™ Licensed and License-free Data Radios | CVE-2023-5629 | CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability | Trio Q-Series Ethernet Data Radio | SEVD-2023-346-01 (V2.0) PDF | SEVD-2023-346-01 (V2.0) CSAF |
2024/04/06 | Galaxy VS and Galaxy VL | CVE-2023-6032 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | Galaxy VS (v12.21) | SEVD-2023-318-03 (V2.0) PDF | SEVD-2023-318-03 (V2.0) CSAF |
2024/03/12 | Easergy T200 | CVE-2024-2050 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | Easergy T200 Models: T200I, T200E, T200P, T200S, T200H (Modbus) (Version SC2-04MOD-07000104 and prior) | SEVD-2024-072-01 PDF | SEVD-2024-072-01 CSAF |
2024/03/12 | EcoStruxure Power Design - Ecodial | CVE-2024-2229 | CWE-502: Deserialization of Untrusted Data | EcoStruxure Power Design - Ecodial (Ecodial NL All Versions, Ecodial INT All Versions, Ecodial FR All Versions) | SEVD-2024-072-02 PDF | SEVD-2024-072-02 CSAF |
2024/02/13 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon M340, M580 and M580 Safety PLCs | CVE-2023-6408 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel | Modicon M340 CPU (part numbers BMXP34*) | SEVD-2024-044-01 PDF | SEVD-2024-044-01 CSAF |
2024/02/13 | Harmony Relay NFC | CVE-2024-0568 | CWE-287: Improper Authentication | Harmony Control Relay RMNF22TB30 (All versions) | SEVD-2024-044-02 PDF | SEVD-2024-044-02 CSAF |
2024/02/13 | EcoStruxure IT Gateway | CVE-2024-0865 | CWE-798: Use of hard-coded credentials | EcoStruxure IT Gateway (1.20.x and prior) | SEVD-2024-044-03 PDF | SEVD-2024-044-03 CSAF |
2024/02/01 | Sustainability Business Division of Schneider Electric Responds to Cybersecurity Incident | N/A | On January 17th, 2024, a ransomware incident affected Schneider Electric Sustainability Business division. | N/A | Cybersecurity Incident Announcement | |
2024/01/09 | Easergy Studio | CVE-2023-7032 | CWE-502: Deserialization of untrusted data | Easergy Studio (Versions prior to v9.3.50) | SEVD-2024-009-02 PDF | SEVD-2024-009-02 CSAF |
2024/01/09 | EcoStruxure™ Control Expert | CVE-2023-1548 | CWE-668: Exposure of Resource to Wrong Sphere | EcoStruxure™ Control Expert (Versions prior to V16.0) | SEVD-2023-101-03 (V2.0) PDF | SEVD-2023-101-03 (V2.0) CSAF |
2024/01/09 | CODESYS Runtime Vulnerabilities | CVE-2022-4224 | CWE-668: Exposure of Resource to Wrong Sphere | HMISCU Controller | SEVD-2023-101-01 (V2.0) PDF | SEVD-2023-101-01 (V2.0) CSAF |
2024/01/09 | Harmony (formerly known as Magelis) HMI Panels | CVE-2019-6833 | CWE-754 – Improper Check for Unusual or Exceptional Conditions | Harmony/Magelis HMIGK series | SEVD-2019-225-01 (V3.0) PDF | SEVD-2019-225-01 (V3.0) CSAF |
2023/12/12 | ProLeiT Plant iT/Brewmaxx | | Schneider Electric is aware of a vulnerability in Redis open-source database, affecting its Plant iT product. | Plant iT/Brewmaxx (v9.60 and above) | SEVD-2023-346-02 PDF | SEVD-2023-346-02 CSAF |
2023/12/12 | Easy UPS Online Monitoring Software | CVE-2023-6407 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | Easy UPS Online Monitoring Software (2.6-GA-01-23116 and prior (Windows 10, 11, Windows Server 2016, 2019, 2022)) | SEVD-2023-346-03 PDF | SEVD-2023-346-03 CSAF |
2023/12/12 | PowerLogic ION8650, PowerLogic ION8800 | CVE-2023-5984 | CWE-494: Download of Code Without Integrity Check vulnerability | ION8650 (all versions) | SEVD-2023-318-01 (V1.1) PDF | SEVD-2023-318-01 (V1.1) CSAF |
2023/11/14 | EcoStruxure Power Monitoring Expert and EcoStruxure™ Power Operation with Advanced Reporting and Dashboards Module | CVE-2023-5986 | CWE-601 URL Redirection to Untrusted Site vulnerability | EcoStruxure™ Power Monitoring Expert (PME) (EcoStruxure™ Power Monitoring Expert (PME) 2021 prior to CU2, EcoStruxure™ Power Monitoring Expert (PME) 2020 prior to CU3) | SEVD-2023-318-02 PDF | SEVD-2023-318-02 CSAF |
2023/10/10 | SpaceLogic C-Bus Toolkit | CVE-2023-5402 | CWE-269: Improper Privilege Management vulnerability | SpaceLogic C-Bus Toolkit (v1.16.2.2 and prior) | SEVD-2023-283-01 PDF | SEVD-2023-283-01 CSAF |
2023/10/10 | EcoStruxure Power Monitoring Expert and EcoStruxure™ | CVE-2023-5391 | CWE-502: Deserialization of untrusted data vulnerability | EcoStruxure™ Power Monitoring Expert (PME) (All versions – prior to application of Hotfix-145271) EcoStruxure™ Power Operation with Advanced Reports (All versions – prior to application of Hotfix-145271) | SEVD-2023-283-02 PDF | SEVD-2023-283-02 CSAF |
2023/09/12 | IGSS (Interactive Graphical SCADA System) | CVE-2023-4516 | CWE-306: Missing Authentication for Critical Function vulnerability. | IGSS Update Service | SEVD-2023-255-01 PDF | SEVD-2023-255-01 CSAF |
2023/08/08 | Pro-face GP-Pro EX | CVE-2023-3953 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. | GP-Pro EX WinGP for iPC (v4.09.450 and prior) | SEVD-2023-220-01 PDF | SEVD-2023-220-01 CSAF |
2023/07/11 | StruxureWare Data Center Expert | CVE-2023-37196 | CWE-89: Improper Neutralization of Special Elements | StruxureWare Data Center Expert (now known as EcoStruxure™ IT Data Center Expert) (v7.9.3 and earlier) | SEVD-2023-192-01 PDF | SEVD-2023-192-01 CSAF |
2023/07/11 | Accutech Manager | CVE-2023-29414 | CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) | Accutech Manager (Version 2.7 and prior) | SEVD-2023-192-03 PDF | SEVD-2023-192-03 CSAF |
2023/06/13 | EcoStruxure™ Operator Terminal Expert and Pro-face BLUE | CVE-2023-1049 | CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability | EcoStruxure™ Operator Terminal Expert (v3.3 SP1 and prior) | SEVD-2023-164-01 PDF | SEVD-2023-164-01 CSAF |
2023/06/13 | IGSS (Interactive Graphical SCADA System) | CVE-2023-3001 | CWE-502: Deserialization of Untrusted Data | IGSS Dashboard (DashBoard.exe) (v16.0.0.23130 and prior) | SEVD-2023-164-02 PDF | SEVD-2023-164-02 CSAF |
2023/06/13 | Foxboro SCADA | | Schneider Electric is aware of a vulnerability in the AVEVA™ InTouch component which is included as part of Foxboro SCADA product. | Foxboro SCADA (All versions) | SEVD-2023-164-03 PDF | SEVD-2023-164-03 CSAF |
2023/06/13 | EcoStruxure™ Foxboro DCS Control Core Services | CVE-2023-2569 | CWE-787: Out-of-Bounds Write | EcoStruxure™ Foxboro DCS Control Core Services (All versions prior to patch HF98577958) | SEVD-2023-164-04 PDF | SEVD-2023-164-04 CSAF |
2023/06/13 | PowerLogic ION7400 / PM8000 / ION9000 Power Meters | CVE-2022-46680 | CWE-319: Cleartext transmission of sensitive information | PowerLogic ION9000, PowerLogic ION7400 | SEVD-2023-129-03 PDF (V1.1) | SEVD-2023-129-03 CSAF (V1.1) |
2023/05/09 | OPC Factory Server | CVE-2023-2161 | CWE-611: Improper Restriction of XML External Entity Reference | OPC Factory Server (OFS) (Version prior to V3.63SP2) | SEVD-2023-129-01 PDF | SEVD-2023-129-01 CSAF |
2023/05/09 | EcoStruxure™ Power Operation | | Schneider Electric is aware of multiple vulnerabilities in the AVEVA™ Plant SCADA product which is included as part of EcoStruxure™ Power Operation, EcoStruxure™ Power SCADA Operation products. | EcoStruxure™ Power Operation (Version 2022, Versions 2021 CU3 and prior) | SEVD-2023-129-02 PDF | SEVD-2023-129-02 CSAF |
2023/05/09 | Power SCADA Anywhere | | Schneider Electric is aware of multiple vulnerabilities in the AVEVA™ Plant SCADA Access Anywhere which is an optional component of the EcoStruxure™ Power Operation or EcoStruxure™ Power SCADA Operation products. | EcoStruxure™ Power Operation or EcoStruxure™ Power SCADA Operation configured with Power SCADA Anywhere (Power SCADA Anywhere Versions 1.1 and 1.2) | SEVD-2023-129-04 PDF | SEVD-2023-129-04 CSAF |
2023/05/09 | NicheStack TCP/IP Vulnerabilities (INFRA:HALT) in Lexium ILE, ILA, ILS, and Communication Option Boards for Altivar and Lexium32 drives | CVE-2021-31400 | Schneider Electric is aware of multiple vulnerabilities in HCC Embedded’s NicheStack TCP/IP third party component, which is integrated into Schneider Electric’s Lexium ILE, ILA, ILS, Altivar Profinet Communication Module (VW3A3627), Altivar and Lexium Ethernet TCP/IP Communication Module (VW3A3616), and Altivar Profinet - Communication Card (VW3A3327) products. | Lexium ILE ILA ILS firmware version (V01.110 and prior) | SEVD-2021-217-01 (V5.0) PDF | SEVD-2021-217-01 (V5.0) CSAF |
2023/04/26 | KNX Publicly Available Exploit | | Schneider Electric is aware of publicly available exploit affecting KNX home and building automation systems. The products used in these systems may come from a variety of different vendors, including Schneider Electric spaceLYnk, Wiser for KNX (formerly homeLYnk), and FellerLYnk products. | spaceLYnk | SESB-2023-01 PDF | |
2023/04/11 | Conext™ Gateway/ InsightHome and InsightFacility | CVE-2023-29410 | CWE-20: Improper Input Validation | InsightHome (v1.16 Build 004 and prior) | SEVD-2023-101-02 PDF | SEVD-2023-101-02 CSAF |
2023/04/11 | Easergy Builder | CVE-2022-34755 | CWE-427 - Uncontrolled Search Path Element | Easergy Builder installer (Version 1.7.23 and older) | SEVD-2023-101-06 PDF | SEVD-2023-101-06 CSAF |
2023/04/11 | SCADAPack Workbench | CVE-2022-0221 | CWE-611: Improper Restriction of XML External Entity Reference | SCADAPack Workbench (Version 6.6.8a and prior) | SEVD-2022-087-01 (V2.0) PDF | SEVD-2022-087-01 (V2.0) CSAF |
2023/04/11 | CODESYS V3 Runtime, Development System, and Gateway Vulnerabilities | CVE-2021-33485 | Multiple Vulnerabilities | M241/M251 (All Versions) | SEVD-2022-011-06 (V7.0) PDF | SEVD-2022-011-06 (V7.0) CSAF |
2023/03/14 | PowerLogic™ HDPM6000 | CVE-2023-28004 | CWE-129: Improper Validation of an Array Index | PowerLogic™ HDPM6000 (Version 0.58.6 and prior) | SEVD-2023-073-02 PDF | SEVD-2023-073-02 CSAF |
2023/03/14 | IGSS (Interactive Graphical SCADA System) | CVE-2023-27977 | Multiple Vulnerabilities | IGSS Data Server (IGSSdataServer.exe) (V16.0.0.23040 and prior) | SEVD-2023-073-04 PDF | SEVD-2023-073-04 CSAF |
2023/03/14 | EcoStruxure™ Geo SCADA Expert | CVE-2023-22610 | Notification Updated: Adjustment of the deprecated CWE of the CVE-2023-22610. | EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All versions prior to October 2022) | SEVD-2023-010-02 (V1.1) PDF | SEVD-2023-010-02 (V1.1) CSAF |
2023/03/14 | IGSS (Interactive Graphical SCADA System) | CVE-2022-32522 | Notification Updated: The CVE-2022-32528 description details have been clarified. | IGSS Data Server (IGSSdataServer.exe) Versions prior to Version 15.0.0.22139 | SEVD-2022-165-01 (V2.1) PDF | SEVD-2022-165-01 (V2.1) CSAF |
2023/02/14 | PLC Simulator on EcoStruxure™ Control Expert and Process Expert | CVE-2020-7559 | CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | PLC Simulator for EcoStruxure™ Control Expert, all versions | SEVD-2020-315-07 (V4.0) PDF | SEVD-2020-315-07 (V4.0) CSAF |
2023/02/14 | EcoStruxure™ Geo SCADA Expert | CVE-2023-0595 | CWE-117: Improper Output Neutralization for Logs vulnerability. | EcoStruxure™ Geo SCADA Expert 2019, EcoStruxure™ Geo SCADA Expert 2020, EcoStruxure™ Geo SCADA Expert 2021 (All Versions prior to October 2022) | SEVD-2023-045-01 PDF | SEVD-2023-045-01 CSAF |
2023/02/14 | StruxureWare Data Center Expert | CVE-2023-25547 | Multiple Vulnerabilities | StruxureWare Data Center Expert (7.9.2 and earlier) | SEVD-2023-045-02 PDF | SEVD-2023-045-02 CSAF |
2023/02/14 | Merten KNX Devices | CVE-2023-25556 | CWE-287: Improper Authentication vulnerability. | Merten INSTABUS Tastermodul 1fach System M 625199 (Program Version 1.0) | SEVD-2023-045-03 PDF | SEVD-2023-045-03 CSAF |
2023/02/14 | NetBotz 4 -355/450/455/550/570 | CVE-2022-43376 | Multiple Vulnerabilities | NetBotz 4 -355/450/455/550/570 (V4.7.0 and earlier) | SEVD-2022-312-01 (V2.0) PDF | SEVD-2022-312-01 (V2.0) CSAF |
2023/02/14 | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Premium and Associated Communication Modules | CVE-2021-22785 | Notification Updated: A remediation is available for Modicon M340 Ethernet Communication Modules BMXNOE0100 (H) and BMXNOE0110 (H). | Modicon M340 CPUs (BMXP34* versions prior to V3.40) | SEVD-2021-257-02 (V3.0) PDF | SEVD-2021-257-02 (V3.0) CSAF |
2023/02/14 | Modicon Web Server | CVE-2020-7562 | Notification Updated: A remediation is available on Modicon M340 Ethernet Communication Modules BMXNOE0100 (H) and BMXNOE0110 (H). | Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) | SEVD-2020-315-01 (V4.0) PDF | SEVD-2020-315-01 (V4.0) CSAF |
2023/01/10 | EcoStruxure™ Machine Expert – HVAC (formerly SoMachine - HVAC) | CVE-2022-2988 | CWE-787: Out-of-bounds Write vulnerability. | SoMachine - HVAC (Version 2.1.0 and prior) | SEVD-2023-010-01 PDF | SEVD-2023-010-01 CSAF |
2023/01/10 | EcoStruxure™ Power Operation 2021, EcoStruxure™ Power SCADA Operation 2020 and EcoStruxure™ Power SCADA Operation 2020 R2 | CVE-2022-38138 | CWE-824: Access of uninitialized Pointer vulnerability. | EcoStruxure™ Power SCADA Operation 2020 (Version 2020 and 2020 CU1) | SEVD-2023-010-03 PDF | SEVD-2023-010-03 CSAF |
2023/01/10 | EcoStruxure™ Power SCADA Anywhere | CVE-2022-1467 | CWE-668: Exposure of Resource to Wrong Sphere vulnerability. | EcoStruxure™ Power SCADA Anywhere (Versions 2022, 2021, 2020 R2, 2020, 9.0, 8.x) | SEVD-2023-010-04 PDF | SEVD-2023-010-04 CSAF |
2023/01/11 | Easy UPS Online Monitoring Software | CVE-2022-42970 | Notification Updated: The Easy UPS Online Monitoring Software has been separated by the APC and Schneider Electric brand names. | APC Easy UPS Online Monitoring Software (V2.5-GA and prior (Windows 7, 10, 11 Windows Server 2016, 2019, 2022) (V2.5-GA-01-22261 and prior (Windows 11, Windows Server 2019, 2022)) | SEVD-2022-347-01 (V2.0) PDF | SEVD-2022-347-01 (V2.0) CSAF |
2022/12/13 | Saitel DR RTU | CVE-2020-6996 | CWE-787: Out-of-bounds write vulnerability. | SAITEL DR RTU (Firmware from Baseline_11.06.01 to Baseline_11.06.14) | SEVD-2022-347-02 PDF | SEVD-2022-347-02 CSAF |
2022/12/13 | EcoStruxure Power Commission | CVE-2022-4062 | CWE-285: Improper Authorization vulnerability. | EcoStruxure Power Commission (V2.25 and prior versions) | SEVD-2022-347-03 PDF | SEVD-2022-347-03 CSAF |
2022/11/22 | APC Smart-UPS SMT, SMC, SMX, SCL, SRC, XU, XP, CSH2, SURTD, SMTL, SRT, and select SRTL Series | CVE-2022-22805 | Notification Updated: In the Affected Products and Versions section, new series IDs were added to SMT, SMC, and SMX. Added CSH2 to the available remediations sections. Added mitigations for products with the specified IDs that have been phased out and will not have firmware remediation. | APC Smart-UPS Family and SmartConnect Family (see Security Notification for affected series and versions) | SEVD-2022-067-02 (V7.0) PDF | SEVD-2022-067-02 (V7.0) CSAF |
2022/11/08 | homeLYnk (Wiser For KNX) and spaceLYnk | CVE-2021-22732 | Notification Updated: The CWE for CVE-2021-22737 has been updated. | homeLYnk (Wiser For KNX) and spaceLYnk (V2.60 and prior) | SEVD-2021-130-04 (V2.0) PDF | SEVD-2021-130-04 (V2.0) CSAF |
2022/11/08 | EcoStruxure EV Charging Expert | CVE-2022-22807 | CWE-352: Cross-Site Request Forgery | EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System) (All Versions prior to SP8 (Version 01)V4.0.0.13) | SEVD-2022-039-02 (V2.0) PDF | SEVD-2022-039-02 (V2.0) CSAF |
2022/11/08 | C-Bus Toolkit and C-Gate Server | CVE-2021-22716 | Notification Updated: The CWE for CVE-2021-22716 has been updated. No additional action is required for customers who have already followed the remediation instructions provided. | C-Bus Toolkit V1.15.9 and prior | SEVD-2021-103-01 (V4.0) PDF | SEVD-2021-103-01 (V4.0) CSAF |
2022/10/14 | EcoStruxure™ Power Operation 2021, EcoStruxure™ Power SCADA Operation 2020 and EcoStruxure™ Power SCADA Operation 2020 R2 | CVE-2022-22727 | Notification Updated: There is an update to the EcoStruxure™ Power SCADA Operation 2020 remediation advising customers to move to 2020 R2 instead of 2020 CU2. | EcoStruxure™ Power SCADA Operation 2020 Version 2020 and 2020 CU1 (Version 2020 and 2020 CU1) | SEVD-2022-284-04 (V1.1) PDF | SEVD-2022-284-04 (V1.1) CSAF |
2022/10/11 | EcoStruxure™ Operator Terminal Expert and Pro-face BLUE | CVE-2022-41666 | Multiple Vulnerabilities | EcoStruxure™ Operator Terminal Expert (V3.3 Hotfix 1 or prior) | SEVD-2022-284-01 PDF | SEVD-2022-284-01 CSAF |
2022/10/11 | EcoStruxure™ Panel Server Box (PAS900) | CVE-2022-30790 | Multiple Vulnerabilities | EcoStruxure™ Panel Server Box (PAS900) (V3.1.16 and prior) | SEVD-2022-284-02 PDF | SEVD-2022-284-02 CSAF |
2022/10/11 | ISaGRAF Workbench for SAGE RTU | CVE-2022-2463 | Multiple Vulnerabilities | SAGE RTU C3414 CPU (Current) with optional ISaGRAF software versions prior to 6.6.10 (All firmware versions prior to C3414-500-S02K5_P5) | SEVD-2022-284-03 PDF | SEVD-2022-284-03 CSAF |
2022/10/11 | Apache Log4j Vulnerability (Log4Shell) | CVE-2021-44228 | Notification Updated: A remediation is now available for Netbotz 750/755. | Schneider Electric is aware of the vulnerabilities impacting Apache Log4j, including CVE-2021-44228, also known as Log4Shell. Our cybersecurity team is actively investigating the impact of the vulnerability on Schneider Electric offers and will continuously update this notification as information becomes available. | SESB-2021-347-01 (V14.0) PDF | SESB-2021-214-01 (V2.14) CSAF |
2022/09/13 | EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio | N/A | Deserialization of Untrusted Data vulnerability exists that can lead to arbitrary code execution, information disclosure, or denial of services when the project file is loaded. | EcoStruxure Machine SCADA Expert 2020 Service Pack 2 (V20.0.2 or prior) | SEVD-2022-256-01 PDF | SEVD-2022-256-01 CSAF |
2022/09/13 | Wind River VxWorks Vulnerabilities (URGENT/11) | CVE-2019-12256 | Notification Updated: CANopen X80 Communication Module (BMECXM0100) and Profibus Remote Master (TCSEGPA23F14F) added to the list of affected products, along with their final mitigations. | See Security Notification for specific product versions affected. | SESB-2019-214-01 (V2.14) PDF | SESB-2019-214-01 CSAF (V2.14) |
2022/09/13 | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and Associated Communication Modules | CVE-2020-7549 | Notification Updated: A fix is available for Modicon M340 X80 Ethernet Communication Module BMXNOC0401. | Modicon M340 CPUs (BMXP34* versions prior to V3.30) | SEVD-2020-343-06 (V2.0) PDF | SEVD-2020-343-06 (V2.0) CSAF |
2022/09/13 | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and Associated Communication Modules | CVE-2020-7535 | Notification Updated: A remediation is available for Modicon M340 X80 Ethernet Communication Modules BMXNOC0401. | Modicon M340 | SEVD-2020-343-05 (V3.0) PDF | SEVD-2020-343-05 (V3.0) CSAF |
2022/09/13 | SNMP Service on Modicon M340 and Associated Communication Modules | CVE-2020-7536 | Notification Updated: A remediation is available for Modicon M340 X80 Ethernet Communication module BMXNOC0401. | Modicon M340 CPUs (BMXP34* versions prior to V3.30) | SEVD-2020-343-07 (V2.1) PDF | SEVD-2020-343-07 (V2.1) CSAF |
2022/08/19 | OPC UA and X80 advanced RTU Modicon Communication Modules | CVE-2022-34759 | Notification Updated: There is a remediation for the X80 Advanced RTU Communication Module (BMENOR2200). | OPC UA Modicon Communication Module (BMENUA0100) V1.10 and prior | SEVD-2022-193-01 (V3.0) PDF | SEVD-2022-193-01 (V3.0) CSAF |
2022/08/09 | Treck TCP/IP Vulnerabilities (Ripple20) | CVE-2020-11896 | Notification Updated - A remediation is available for the ATV6000 Medium Voltage Altivar Process Drive. | See Security Notification | SEVD-2020-175-01 (V2.18) PDF | SEVD-2020-175-01 (V2.18) CSAF |
2022/08/09 | EcoStruxure™ Control Expert | CVE-2022-37302 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. | EcoStruxure™ Control Expert (V15.1 HF001 and prior) | SEVD-2022-221-03 PDF | SEVD-2022-221-03 CSAF |
2022/07/12 | SpaceLogic C-Bus Home Controller, formerly known as C-Bus Wiser Home Controller MK2 | CVE-2022-34753 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Home Controller MK2 V1.31.460 and prior | SEVD-2022-193-02 PDF | SEVD-2022-193-02 CSAF |
2022/07/12 | Acti9 PowerTag Link C | CVE-2022-34754 | CWE-269: Improper Privilege Management | Acti9 PowerTag Link C (A9XELC10-A) V1.7.5 and prior | SEVD-2022-193-03 PDF | SEVD-2022-193-03 CSAF |
2022/07/12 | Easergy P5 | CVE-2022-34756 | Multiple Vulnerabilities | Easergy P5 Firmware V01.401.102 and prior | SEVD-2022-193-04 PDF | SEVD-2022-193-04 CSAF |
2022/07/12 | IGSS (Interactive Graphical SCADA System) | CVE-2022-24324 | Notification Updated: An additional vulnerability, CVE-2022-2329, was remediated with the released patch. | IGSS Data Server (V15.0.0.22073 and prior) | SEVD-2022-102-01 (V2.0) PDF | SEVD-2022-102-01 (V2.0) CSAF |
2022/07/12 | AT&T Labs Compressor (XMill) and Decompressor (XDemill) used by EcoStruxure™ Control Expert | CVE-2021-21810 | Notification Updated: A release is available for SCADAPack RemoteConnect™ R2.7.3 that addresses workstation vulnerabilities. | EcoStruxure™ Control Expert (All versions prior to V15.1 HF001 including former Unity Pro) | SEVD-2021-222-02 (V4.0) PDF | SEVD-2021-222-02 (V4.0) CSAF |
2022/07/12 | EcoStruxure™ Control Expert | CVE-2021-22797 | Notification Updated: A release is available for SCADAPack RemoteConnect™ R2.7.3 that addresses workstation vulnerabilities. | EcoStruxure™ Control Expert (All versions including former Unity Pro) | SEVD-2021-257-01 (V3.0) PDF | SEVD-2021-257-01 (V3.0) CSAF |
2022/06/16 | Data Center Expert | CVE-2022-32518 | CWE-257: Storing Passwords in a Recoverable Format | Data Center Expert (V7.9.0 and prior) | SEVD-2022-165-04 (V2.0) PDF | SEVD-2022-165-04 (V2.0) CSAF |
2022/06/14 | Conext™ Combox | CVE-2022-32515 | Multiple Vulnerabilities | Conext™ ComBox All Versions | SEVD-2022-165-03 PDF | SEVD-2022-165-03 CSAF |
2022/06/14 | Geo SCADA Mobile | CVE-2022-32530 | CWE-668: Exposure of Resource to Wrong Sphere | Geo SCADA Mobile Version Build 222 and prior | SEVD-2022-165-02 PDF | SEVD-2022-165-02 CSAF |
2022/06/14 | EcoStruxure Power Commission | CVE-2022-0223 | Multiple Vulnerabilities | EcoStruxure Power Commission Versions prior to V2.22 | SEVD-2022-165-05 PDF | SEVD-2022-165-05 CSAF |
2022/06/14 | Schneider Electric C-Bus Home Automation Products | CVE-2022-32513 | Multiple Vulnerabilities | Schneider Electric C-Bus Network Automation Controller - LSS5500NAC V1.10.0 and prior | SEVD-2022-165-06 PDF | SEVD-2022-165-06 CSAF |
2022/06/14 | CanBRASS | CVE-2022-32512 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | CanBRASS Versions prior to V7.5.1 | SEVD-2022-165-07 PDF | SEVD-2022-165-07 CSAF |
2022/06/14 | EcoStruxure™ Cybersecurity Admin Expert | CVE-2022-32747 | Multiple Vulnerabilities | EcoStruxure™ Cybersecurity Admin Expert (CAE) Versions 2.2 and prior | SEVD-2022-165-08 PDF | SEVD-2022-165-08 CSAF |
2022/06/14 | EcoStruxure Power Build - Rapsody | CVE-2021-22697 | Notification Update: These vulnerabilities have been fixed in V2.1.3. | EcoStruxure Power Build - Rapsody software V2.1.13 and prior | SEVD-2021-012-02 (V2.0) PDF | SEVD-2021-012-02 (V2.0) CSAF |
2022/06/14 | EcoStruxure™ Control Expert | CVE-2022-24322 | Notification Updated: Added SCADAPack RemoteConnect™ to the list of affected products, which is impacted on versions prior to R2.7.3 through the integration of EcoStruxure™ Control Expert. | EcoStruxure™ Control Expert Version 15.0 SP1 and prior | SEVD-2022-067-01 (V2.0) PDF | SEVD-2022-067-01 (V2.0) CSAF |
2022/05/10 | PowerLogic ION Setup | CVE-2022-30232 | CWE-20: Improper Input Validation | PowerLogic ION Setup Versions prior to 3.2.22096.01 | SEVD-2022-130-01 PDF | SEVD-2022-130-01 CSAF |
2022/05/10 | Saitel DP RTU | CVE-2020-6996 | CWE-787: Out-of-bounds Write | Saitel DP RTU Firmware Version Baseline_09.00.00 to Baseline_11.06.23 | SEVD-2022-130-02 PDF | SEVD-2022-130-02 CSAF |
2022/05/10 | Wiser Smart | CVE-2022-30234 | Multiple Vulnerabilities | Wiser Smart EER21000 V4.5 and prior and Wiser Smart EER21001 V4.5 and prior | SEVD-2022-130-03 PDF | SEVD-2022-130-03 CSAF |
2022/05/10 | APC by Schneider Electric Network Management Cards (NMC) and NMC Embedded Devices | CVE-2021-22810 | Notification Updated: Remediations added for remaining affected products: APC Power Distribution products, Cooling products, Environmental Monitoring products, and Battery Management products. | Network Management Card 2 (NMC2), Network Management Card 3 (NMC3), and the NMC embedded devices including: | SEVD-2021-313-03 (V2.0) PDF | SEVD-2021-313-03 (V2.0) CSAF |
2022/04/13 | APT Cyber Tools Targeting ICS/SCADA Devices Security Bulletin | | | Schneider Electric, working in close collaboration with the United States Department of Energy, Homeland Security, and cybersecurity defense partner, Mandiant, identified and developed protective measures to defend against APT (Advanced Persistent Threat) Cyberattack Tools/Framework still in development that would target a set of our Programmable Logic Controllers (PLCs) products. | SESB-2022-01 | |
2022/03/08 | Ritto Wiser™ Door | CVE-2021-22783 | CWE-200: Information Exposure | Ritto Wiser™ Door (All versions) | SEVD-2022-067-03 PDF | SEVD-2022-067-03 CSAF |
2022/03/08 | Windows Print Spooler Embedded in EcoStruxure™ Process Expert | CVE-2021-34527 | Notification Updated - EcoStruxure™ Process Expert 2021 includes a fix for these vulnerabilities | EcoStruxure™ Process Expert (All versions prior to V2021) | SEVD-2021-313-04 (V2.0) PDF | SEVD-2021-313-04 (V2.0) CSAF |
2022/02/08 | IGSS (Interactive Graphical SCADA System) | CVE-2022-24310 | Multiple Vulnerabilities | IGSS Data Server: IGSSdataServer.exe (V15.0.0.22020 and prior) | SEVD-2022-039-01 PDF | SEVD-2022-039-01 CSAF |
2022/02/08 | Easergy P40 | CVE-2022-22813 | CWE-798: Use of Hard-coded Credentials | Easergy P40 Series model numbers with Ethernet option bit as Q, R, S (All PX4X firmware versions) | SEVD-2022-039-03 PDF | SEVD-2022-039-03 CSAF |
2022/02/08 | spaceLYnk, Wiser For KNX, fellerLYnk | CVE-2022-22809 | Multiple Vulnerabilities | spaceLYnk (V2.6.2 and prior) | SEVD-2022-039-04 PDF | SEVD-2022-039-04 CSAF |
2022/02/08 | EcoStruxure Geo SCADA Expert | CVE-2022-24318 | Multiple Vulnerabilities | ClearSCADA (All Versions) | SEVD-2022-039-05 PDF | SEVD-2022-039-05 CSAF |
2022/02/08 | Harmony/Magelis iPC Series HMI | CVE-2021-22817 | CWE-276: Incorrect Default Permissions | Harmony/Magelis iPC Series (All Versions) | SEVD-2022-039-06 PDF | SEVD-2022-039-06 CSAF |
2022/01/11 | Ethernet and Web server on Modicon M340 controller and Communication Modules | CVE-2022-22724 | CWE-352: Cross-Site Request Forgery (CSRF) & CWE-400: Uncontrolled Resource Consumption | Modicon M340 CPUs (BMXP34 - All Versions) | SEVD-2022-011-01 PDF | SEVD-2022-011-01 CSAF |
2022/01/11 | Easergy T300 | CVE-2020-8597 | CWE-120: Buffer Copy without Checking Size of Input | Easergy T300 (Only products connected to a 3G/4G network using the following T300 modems are vulnerable: | SEVD-2022-011-02 PDF | SEVD-2022-011-02 CSAF |
2022/01/11 | Easergy P5 | CVE-2022-22722 | CWE-798: Use of Hard-coded Credentials & CWE-120: Buffer Copy without Checking Size of Input | Easergy P5 (All firmware versions prior to V01.401.101) | SEVD-2022-011-03 PDF | SEVD-2022-011-03 CSAF |
2022/01/11 | Easergy P3 | CVE-2022-22725 | CWE-120: Buffer Copy without Checking Size of Input | Easergy P3 (All versions prior to V30.205) | SEVD-2022-011-04 PDF | SEVD-2022-011-04 CSAF |
2022/01/11 | ConneXium Tofino Firewall and Loadable Security Modules | CVE-2021-30061 | Multiple Vulnerabilities | ConneXium Tofino Firewall – part number TCSEFEA23F3F22 - Version prior to v03.23 | SEVD-2022-011-05 PDF | SEVD-2022-011-05 CSAF |
2022/01/11 | EcoStruxure™ Power Monitoring Expert | CVE-2022-22726 | Multiple Vulnerabilities | EcoStruxure Power Monitoring Expert (All Versions 2020 and prior) | SEVD-2022-011-07 PDF | SEVD-2022-011-07 CSAF |
2021/12/14 | EVlink City / Parking / Smart Wallbox Charging Stations | CVE-2021-22724 | Multiple Vulnerabilities | EVlink City (EVC1S22P4 / EVC1S7P4) | SEVD-2021-348-02 PDF | SEVD-2021-348-02 CSAF |
2021/12/14 | IGSS (Interactive Graphical SCADA System) | CVE-2021-22823 | CWE-306: Missing Authentication for Critical Function | IGSS Data Collector (dc.exe) (V15.0.0.21320 and prior) | SEVD-2021-348-01 PDF | SEVD-2021-348-01 CSAF |
2021/12/14 | EcoStruxure™ Power Monitoring Expert | CVE-2021-22826 | Multiple Vulnerabilities | EcoStruxure™ Power Monitoring Expert V9.0 and prior | SEVD-2021-348-03 | |
2021/12/14 | APC by Schneider Electric Rack PDU | CVE-2021-22825 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | AP7xxxx and AP8xxx with NMC2. (V6.9.6 and prior) | SEVD-2021-348-04 PDF | SEVD-2021-348-04 CSAF |
2021/12/14 | Web Server on Modicon M580 Controllers and Communication Modules (V4.0) | CVE-2019-6848 | Multiple Vulnerabilities (December 2021 Update: A fix is now available for CVE-2019-6849 on the BMENOC0321) | Modicon M580 | SEVD-2019-281-04 (V4.0) | |
2021/11/09 | Cyber Attacks against KNX Systems Improperly Exposed to the Internet | | | Schneider Electric is aware of confirmed reports of cyber-attacks targeting KNX home and building automation systems utilizing a KNXnet/IP Ethernet to KNX gateway or router that has been improperly exposed to the Internet. | SESB-2021-313-01 | |
2021/11/09 | SCADAPack 300E Series RTU | CVE-2021-22816 | CWE-754: Improper Check for Unusual or Exceptional Conditions | SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior | SEVD-2021-313-01 PDF | SEVD-2021-313-01 CSAF |
2021/11/09 | Schneider Electric Software Update (SESU) | CVE-2021-22799 | CWE-331: Insufficient Entropy | Schneider Electric Software Update, V2.3.0 through V2.5.1 | SEVD-2021-313-02 PDF | SEVD-2021-313-02 CSAF |
2021/11/09 | TelevisAir Dongle BTLE | - | - | TelevisAir V3.0 Dongle BTLE (part number ADBT42* and prior) | SEVD-2021-313-06 | |
2021/11/09 | Eurotherm GUIcon | CVE-2021-22807 | Multiple Vulnerabilities | Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and prior | SEVD-2021-313-07 PDF | SEVD-2021-313-07 CSAF |
2021/10/12 | spaceLYnk | CVE-2021-22806 | CWE-669: Incorrect Resource Transfer Between Spheres | spaceLYnk V2.6.1 and prior | SEVD-2021-285-01 PDF | SEVD-2021-285-01 CSAF |
2021/10/12 | ConneXium Network Manager (CNM) Software | CVE-2021-22801 | CWE-269: Improper Privilege Management | ConneXium Network Manager (Ethernet network management software) – all versions | SEVD-2021-285-02 PDF | SEVD-2021-285-02 CSAF |
2021/10/12 | IGSS (Interactive Graphical SCADA System) | CVE-2021-22802 | Multiple Vulnerabilities | IGSS Data Collector (dc.exe) V15.0.0.21243 and prior | SEVD-2021-285-03 PDF | SEVD-2021-285-03 CSAF |
2021/10/12 | Modicon M218 Logic Controller | CVE-2021-22800 | CWE-20: Improper Input Validation | Modicon M218 logic controller firmware version v5.1.0.6 and prior. | SEVD-2021-285-04 PDF | SEVD-2021-285-04 CSAF |
2021/10/12 | Conext™ Advisor & Conext™ Control V2 | CVE-2019-11135 | Multiple Vulnerabilities | Conext™ Advisor 2 Cloud 2.02 and below | SEVD-2021-285-05 PDF | SEVD-2021-285-05 CSAF |
2021/10/12 | Embedded TCP/IP Stacks Vulnerabilities (AMNESIA:33) in Modicon TM5 modules | CVE-2020-13987 | Multiple Vulnerabilities | TM5CSLC100FS: safety logic controller Firmware V2.56 and prior | SEVD-2021-285-06 | |
2021/10/12 | Microsoft Remote Desktop Services (DejaBlue) (V5.0) | CVE-2019-1181 | Multiple Vulnerabilities (Notification Updated) | Multiple Products | SEVD-2019-267-01 (V5.0) | |
2021/10/12 | Intel Microarchitectural Data Sampling (ZombieLoad) (V6.0) | CVE-2018-12126 | Multiple Vulnerabilities (Notification Updated) | Multiple Products | SEVD-2019-193-01 (V6.0) | |
2021/10/12 | Microsoft Remote Desktop Services (BlueKeep) (V7.0) | CVE-2019-0708 | Remote Code Execution (Notification Updated) | Multiple Products | SEVD-2019-193-02 (V7.0) | |
2021/09/14 | StruxureWare Data Center Expert | CVE-2021-22794 | Multiple Vulnerabilities | StruxureWare Data Center Expert versions 7.8.1 and prior. | SEVD-2021-257-03 PDF | SEVD-2021-257-03 CSAF |
2021/09/14 | Conext™ ComBox | CVE-2021-22798 | CWE-522: Insufficiently Protected Credentials | Conext™ ComBox, all versions | SEVD-2021-257-04 | |
2021/09/14 | Treck TCP/IPv6 Vulnerabilities (V4.0) | CVE-2020-27336 | Multiple Vulnerabilities (Notification Updated) | ATV340E Altivar Machine Drives | SEVD-2020-353-01 (V4.0) | |
2021/08/10 | Harmony/Magelis HMI Products configured by Vijeo Designer, Vijeo Designer Basic and EcoStruxure Machine Expert | CVE-2021-22704 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory | Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11) | SEVD-2021-222-01 | |
2021/08/10 | Pro-face GP-Pro EX | CVE-2021-22775 | CWE-427: Uncontrolled Search Path Element | GP-Pro EX V4.09.250 and prior | SEVD-2021-222-03 PDF | SEVD-2021-222-03 CSAF |
2021/08/10 | AccuSine PCSn/PCS+/PFV+ | CVE-2021-22793 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) | SEVD-2021-222-05 PDF | SEVD-2021-222-05 CSAF |
2021/08/10 | CODESYS V2 Vulnerabilities in Programmable Automation Controller (PacDrive) M | CVE-2021-30186 | Multiple Vulnerabilities | Programmable Automation Controller (PacDrive) M, all versions | SEVD-2021-222-06 PDF | SEVD-2021-222-06 CSAF |
2021/08/10 | NTZ Mekhanotronika Rus. LLC SHAIIS-MT-111, SHASU-MT-107 and SHFK-MT, and SHFK-MT-104 Control Panels | CVE-2021-34527 | Multiple Vulnerabilities | SHAIIS-MT-111 | SEVD-2021-222-07 | |
2021/08/10 | NTZ Mekhanotronika Rus. LLC SHFK-MT-104 Control Panels | CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution | SHFK-MT-104 Control Panels | SEVD-2021-222-08 | |
2021/08/10 | Embedded Web Server for Modicon X80 BMXNOR0200H RTU Module (V2.0) | CVE-2021-22749 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior | SEVD-2021-159-05 (V2.0) | |
2021/08/10 | Treck HTTP Server Vulnerability on TM3 Bus Coupler Modules (V2.0) | CVE-2020-25066 | Heap-Based Overflow | TM3 Bus Coupler (EIP firmware version 2.1.50.2 and prior) | SEVD-2020-353-02 (V2.0) PDF | SEVD-2020-353-02 (V2.0) CSAF |
2021/08/10 | Web Server on Modicon M340 | CVE-2020-7540 | CWE-306: Missing Authentication for Critical Function | Modicon M340 CPUs (BMXP34* all versions prior to V3.30) | SEVD-2020-343-04 (V2.0) PDF | SEVD-2020-343-04 (V2.0) CSAF |
2021/08/10 | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (V2.0) | CVE-2020-7539 | Multiple Vulnerabilities | Modicon M340 CPUs (BMXP34* versions prior to V3.30) | SEVD-2020-343-03 (V2.0) PDF | SEVD-2020-343-03 (V2.0) CSAF |
2021/07/13 | Easergy T300 | CVE-2021-22769 | Multiple Vulnerabilities | Easergy T300 with firmware V2.7.1 and prior | SEVD-2021-194-02 | |
2021/07/13 | SoSafe Configurable | CVE-2021-22777 | CWE-502: Deserialization of Untrusted Data | SoSafe Configurable prior to V1.8.1 | SEVD-2021-194-03 PDF | SEVD-2021-194-03 CSAF |
2021/07/13 | C-Bus Toolkit | CVE-2021-22784 | CWE-287: Improper Authentication | C-Bus Toolkit V1.15.8 and prior | SEVD-2021-194-04 PDF | SEVD-2021-194-04 CSAF |
2021/07/13 | Easergy T200 | CVE-2021-22772 | CWE-306: Missing Authentication for Critical Function | Easergy T200 (Modbus) SC2-04MOD-07000100 and earlier | SEVD-2021-194-05 PDF | SEVD-2021-194-05 CSAF |
2021/07/13 | EVlink City / Parking / Smart Wallbox Charging Stations | CVE-2021-22706 | Multiple Vulnerabilities | All versions prior to R8 V3.4.0.1 of EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EV.2), and EVlink Smart Wallbox (EVB1A) | SEVD-2021-194-06 | |
2021/07/13 | APC by Schneider Electric Network Management Cards (Ripple20) (V2.3) | CVE-2020-11896 | Multiple Vulnerabilities (Notification Updated) | APC Network Management Card 1 (NMC1) | SEVD-2020-174-01 (V2.3) PDF | SEVD-2020-174-01 (V2.3) CSAF |
2021/07/13 | EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and RemoteConnect™ (V2.0) | CVE-2020-7560 | CWE-123 - Write-what-where Condition | EcoStruxure Control Expert (versions prior to v15.0 SP1) | SEVD-2020-343-01 (V2.0) PDF | SEVD-2020-343-01 (V2.0) CSAF |
2021/07/13 | Triconex Models 3009 MP and TCM 4351B (V1.1) | CVE-2021-22742 | Multiple Vulnerabilities | Triconex Model 3009 MP and TCM 4351B installed on Tricon v11.3.x systems. | SEVD-2021-130-03 (V1.1) | |
2021/06/08 | IGSS (Interactive Graphical SCADA System) | CVE-2021-22750 | Multiple Vulnerabilities | IGSS Definition (Def.exe) V15.0.0.21140 and prior | SEVD-2021-159-01 PDF | SEVD-2021-159-01 CSAF |
2021/06/08 | PowerLogic EGX100 and PowerLogic EGX300 | CVE-2021-22763 | Multiple Vulnerabilities | EGX100 (All Versions) | SEVD-2021-159-03 PDF | SEVD-2021-159-03 CSAF |
2021/06/08 | Enerlin'X Com’X 510 | CVE-2021-22769 | CWE-269: Improper Privilege Management | Enerlin’X Com’X versions prior to V6.8.4 | SEVD-2021-159-06 | |
2021/06/08 | EcoStruxure™ Machine Expert and Modicon M218/M241/M251/M262 | CVE-2020-10245 | Multiple Vulnerabilities (Notification Updated) | EcoStruxure™ Machine Expert and Modicon M218/M241/M251/M262 | SEVD-2021-130-06 (V2.0) | |
2021/05/11 | Modicon Managed Switch | CVE-2021-22731 | CWE-640: Weak Password Recovery Mechanism for Forgotten Password | Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior | SEVD-2021-130-01 PDF | SEVD-2021-130-01 CSAF |
2021/05/11 | Harmony HMI Products Configured by Vijeo Designer or EcoStruxure Machine Expert | CVE-2021-22705 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | Harmony HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11) or EcoStruxure Machine Expert (all versions prior to V2.0) | SEVD-2021-130-02 | |
2021/05/11 | Modicon M241 and M251 Logic Controllers | CVE-2021-22699 | CWE-20: Improper Input Validation | Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 | SEVD-2021-130-05 PDF | SEVD-2021-130-05 CSAF |
2021/05/11 | EcoStruxure™ Geo SCADA Expert | CVE-2021-22741 | CWE-916: Use of Password Hash with Insufficient Computational Effort | ClearSCADA (all versions) | SEVD-2021-130-07 PDF | SEVD-2021-130-07 CSAF |
2021/05/11 | Modicon Controllers, EcoStruxure™ Control Expert and Unity Pro Programming Software (V3.0) | CVE-2020-7475 | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (Notification Updated) | EcoStruxure™ Control Expert: all versions prior to V15.0 | SEVD-2020-080-01 (V3.0) PDF | SEVD-2020-080-01 (V3.0) CSAF |
2021/04/13 | NTZ Mekhanotronika Rus. LLC SHFK-MT-104, SHASU-MT-107 and SHAIIS-MT-111 Control Panels | CVE-2019-1040 | Multiple Vulnerabilities | SHFK-MT-104 | SEVD-2021-103-02 | |
2021/04/13 | Schneider Electric Floating License Manager | CVE-2019-8960 | Multiple Vulnerabilities (Notification Updated) | Schneider Electric Floating License Manager V2.4.0.0 and earlier | SEVD-2020-196-02 (V1.3) | |
2021/04/15 | PowerLogic ION8650 / ION8800 / ION7x50 / ION7700/73xx / ION83xx/84xx/85xx/8600 Power Meters | CVE-2021-22713 | CWE-119: Improper restriction of operations within the bounds of a memory buffer | ION8650 / ION8800 / ION7x50 / ION7700/73xx / ION83xx/84xx/85xx/8600 (See notification for affected versions) | SEVD-2021-068-03 (V2.0) PDF | |
2021/03/09 | IGSS (Interactive Graphical SCADA System) | CVE-2021-22709 | Multiple Vulnerabilities | IGSS Definition (Def.exe) version 15.0.0.21041 and prior | SEVD-2021-068-01 PDF | SEVD-2021-068-01 CSAF |
2021/03/09 | PowerLogic ION7400 / PM8000 / ION9000 Power Meters | CVE-2021-22714 | CWE-119: Improper restriction of operations within the bounds of a memory buffer | All versions prior to V3.0.0 of ION7400, ION9000, and ION8000 | SEVD-2021-068-02 PDF | SEVD-2021-068-02 CSAF |
2021/02/09 | PowerLogic Power Metering Products | CVE-2021-22701 | Multiple Vulnerabilities | ION7400 | SEVD-2021-040-01 PDF | SEVD-2021-040-01 CSAF |
2021/01/12 | EcoStruxure™ Operator Terminal Expert (Vijeo XD), Pro-face BLUE and WinGP runtime | CVE-2020-7544 | CWE-269 Improper Privilege Management (Notification Updated) | EcoStruxure™ Operator Terminal Expert Runtime 3.1 Service Pack 1A and prior | SEVD-2020-315-02 (V2.0) PDF | SEVD-2020-315-02 (V2.0) CSAF |
2021/01/12 | Modicon M100/M200/M221 Programmable Logic Controllers (V3.0) | CVE-2020-7565 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Modicon M100/M200/M221 (all references) (all versions) | SEVD-2020-315-05 (V3.0) PDF | SEVD-2020-315-05 (V3.0) CSAF |
2020/12/08 | EcoStruxure™ Geo SCADA Expert | CVE-2020-28219 | CWE-522: Insufficiently Protected Credentials | EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) | SEVD-2020-343-02 PDF | SEVD-2020-343-02 CSAF |
2020/12/08 | Modicon M580 | CVE-2020-7537 | Multiple Vulnerabilities | Modicon M580 CPUs (BMEx58xxxxx prior to version 3.20) | SEVD-2020-343-08 PDF | SEVD-2020-343-08 CSAF |
2020/12/08 | Modicon M258 Logic Controllers and SoMachine/ SoMachine Motion Software | CVE-2020-28220 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | Modicon M258 Firmware (All versions prior to V5.0.4.11) | SEVD-2020-343-09 PDF | SEVD-2020-343-09 CSAF |
2020/12/08 | Easergy T300 | CVE-2020-7561 | Multiple Vulnerabilities (Notification Updated) | Easergy T300 with firmware 2.7 and older | SEVD-2020-315-06 (V2.0) PDF | SEVD-2020-315-06 (V2.0) CSAF |
2020/12/08 | Wibu-Systems CodeMeter Vulnerabilities | CVE-2020-14509 | Multiple Vulnerabilities | EcoStruxure Machine Expert (formerly known as SoMachine and SoMachine Motion) | SEVD-2020-287-02 (V1.1) PDF | SEVD-2020-287-02 (V1.1) CSAF |
2020/11/10 | Interactive Graphical SCADA System (IGSS) | CVE-2020-7550 | Multiple Vulnerabilities | IGSS Definition (Def.exe) version 14.0.0.20247 and prior | SEVD-2020-315-03 PDF | SEVD-2020-315-03 CSAF |
2020/11/10 | EcoStruxure Building Operation (EBO) | CVE-2020-7569 | Multiple Vulnerabilities | WebReports V1.9 - V3.1 WebStation (V2.0 - V3.1) | SEVD-2020-315-04 PDF | SEVD-2020-315-04 CSAF |
2020/11/10 | Trio Q and J Data Radios | - | Drovorub malware | Trio Q and J Data Radios | SESB-2020-315-01 | |
2020/11/10 | EcoStruxure™ Operator Terminal Expert (Vijeo XD) | CVE-2020-7493 | Multiple Vulnerabilities | EcoStruxure™ Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) | SEVD-2020-133-04 (V3.0) | |
2020/11/10 | Modicon M218/M241/M251/M258 Logic Controllers SoMachine/SoMachine Motion EcoStruxure™ Machine Expert | CVE-2020-7487 | Multiple Vulnerabilities | All versions | SEVD-2020-105-02 (V1.1) PDF | SEVD-2020-105-02 (V1.1) CSAF |
2020/10/13 | Web Server on Modicon M340 | CVE-2020-7533 | CWE-287: Improper Authentication | M340 CPUs | SEVD-2020-287-01 (V1.1) PDF | SEVD-2020-287-01 (V1.1) CSAF |
2020/10/13 | Smartlink | CVE-2020-7548 | CWE-330 - Use of Insufficiently Random Values | Acti9 Smartlink SI D all versions prior to 002.004.002 | SEVD-2020-287-03 PDF | SEVD-2020-287-03 CSAF |
2020/10/13 | EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software | CVE-2020-7545 | Multiple Vulnerabilities | EcoStruxure™ Power Monitoring Expert versions 9.0, 8.x, 7.x | SEVD-2020-287-04 PDF | SEVD-2020-287-04 CSAF |
2020/10/13 | Netlogon Elevation of Privilege Vulnerability | CVE-2020-1472 | Multiple Vulnerabilities | Elevation of privilege vulnerability | SESB-2020-287-01 | |
2020/10/13 | Modbus Serial Driver | CVE-2020-7523 | CWE-269: Improper Privilege Management | Schneider Electric Modbus Serial Driver (64 bits) versions prior to V3.20 IE 30 | SEVD-2020-224-01 (V1.1) PDF | SEVD-2020-224-01 (V1.1) CSAF |
2020/10/13 | SCADAPack 7x Remote Connect and SCADAPack x70 Security Administrator | CVE-2020-7528 | Multiple Vulnerabilities | SCADAPack 7x Remote Connect (V3.6.3.574 and prior) and SCADAPack x70 Security Administrator (V1.2.0 and prior) | SEVD-2020-252-01 (V2.0) PDF | SEVD-2020-252-01 (V2.0) CSAF |
2020/08/11 | spaceLYnk and Wiser for KNX (formerly homeLYnk) | CVE-2020-7525 | CWE-307: Improper Restriction of Excessive Authentication Attempts | All hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) | SEVD-2020-224-02 PDF | SEVD-2020-224-02 CSAF |
2020/08/11 | Modicon M218 Logic Controller | CVE-2020-7524 | CWE-787: Out-of-bounds Write | Modicon M218 Logic Controller V5.0.0.7 and prior | SEVD-2020-224-03 PDF | SEVD-2020-224-03 CSAF |
2020/08/11 | APC Easy UPS On-Line Software | CVE-2020-7521 | Multiple Vulnerabilities | SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier | SEVD-2020-224-04 PDF | SEVD-2020-224-04 CSAF |
2020/08/11 | PowerChute Business Edition | CVE-2020-7526 | CWE-20: Improper Input Validation | PowerChute Business Edition software V9.0.x and earlier | SEVD-2020-224-05 PDF | SEVD-2020-224-05 CSAF |
2020/08/11 | Harmony® eXLhoist | CVE-2019-19193 | Bluetooth Low Energy Vulnerability (SweynTooth) | Harmony® eXLhoist base stations v04.00.02.00 and prior | SEVD-2020-224-06 PDF | SEVD-2020-224-06 CSAF |
2020/08/11 | SoMove | CVE-2020-7527 | CWE-276: Incorrect Default Permission | SoMove V2.8.1 and prior | SEVD-2020-224-07 PDF | SEVD-2020-224-07 CSAF |
2020/08/11 | Schneider Electric PACTware | CVE-2020-9403 | Multiple Vulnerabilities | Schneider Electric PACTware V5.0.5.30 and prior. | SEVD-2020-224-08 PDF | SEVD-2020-224-08 CSAF |
2020/08/11 | Vijeo Designer and Vijeo Designer Basic | CVE-2020-7501 | CWE-798: Use of Hard-coded Credentials | Vijeo Designer Basic V1.1 HotFix 16 and prior | SEVD-2020-133-02 (V1.1) PDF | SEVD-2020-133-02 (V1.1) CSAF |
2020/08/11 | Vijeo Designer and Vijeo Designer Basic | CVE-2020-7490 | CWE-426: Untrusted Search Path | Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.2 SP9 and prior) | SEVD-2020-105-03 (V1.2) PDF | SEVD-2020-105-03 (V1.2) CSAF |
2020/07/14 | Schneider Electric Software Update (SESU) | CVE-2020-7520 | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | SESU V2.4.0 and earlier | SEVD-2020-196-01 PDF | SEVD-2020-196-01 CSAF |
2020/06/23 | Security Bulletin: Treck TCP/IP Vulnerabilities (Ripple20) | CVE-2020-11896 | Multiple Vulnerabilities | See Security Bulletin | SESB-2020-168-01 (V2.0) | |
2020/06/23 | Legacy Triconex Product Vulnerabilities | CVE-2020-7483 | Multiple Vulnerabilities | See Security Bulletin | SESB-2020-105-01 (V2.1) | |
2020/06/09 | Modicon M218 Logic Controller | CVE-2020-7502 | CWE-787: Out-of-bounds Write Vulnerability | Modicon M218 firmware version 4.3 and prior | SEVD-2020-161-01 PDF | SEVD-2020-161-01 CSAF |
2020/06/09 | Unity Loader and OS Loader Software | CVE-2020-7498 | CWE-798: Use of Hard-coded Credentials | Unity Loader - All versions | SEVD-2020-161-02 | |
2020/06/09 | Modicon LMC078 Logic Controller | CVE-2020-10664 | NULL Pointer Dereference | Modicon LMC Logic Controller running with firmware version V1.51.15.05 and later | SEVD-2020-161-03 PDF | SEVD-2020-161-03 CSAF |
2020/06/09 | Easergy T300 | CVE-2020-7503 | Multiple Vulnerabilities | Easergy T300 with firmware 1.5.2. and older | SEVD-2020-161-04 PDF | SEVD-2020-161-04 CSAF |
2020/06/09 | Easergy Builder | CVE-2020-7514 | Multiple Vulnerabilities | Easergy Builder version 1.4.7.2 and older | SEVD-2020-161-05 PDF | SEVD-2020-161-05 CSAF |
2020/06/09 | GoAhead Web Server | CVE-2015-7937 | Stack-based buffer overflow | BMXNOC0401 (all versions prior to v2.09) | SEVD-2015-344-01 (V2.0) PDF | SEVD-2015-344-01 (V2.0) CSAF |
2020/05/12 | Pro-face GP-Pro EX Programming Software | CVE-2020-7492 | CWE-521: Weak Password Requirements | GP-Pro EX V1.00 to V4.09.100 | SEVD-2020-133-01 | |
2020/05/12 | U.motion Servers and Touch Panels | CVE-2020-7499 | Multiple Vulnerabilities | All versions of: MTN6501-0001 – U.Motion – KNX Server, MTN6501-0002 – U.Motion – KNX Server Plus | SEVD-2020-133-03 PDF | SEVD-2020-133-03 CSAF |
2020/05/12 | Andover Continuum System | CVE-2020-7480 | Multiple Vulnerabilities | All Continuum versions are affected | SEVD-2020-070-04 (V2.1) PDF | SEVD-2020-070-04 (V2.1) CSAF |
2020/05/12 | Embedded Web Servers for Modicon | CVE-2018-7804 | Multiple Vulnerabilities | All Modicon M340, Premium | SESB-2018-327-01 (V3.2) | |
2020/04/14 | Modicon M100/M200/M221 controllers | CVE-2020-7489 | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | All versions | SEVD-2020-105-01 PDF | SEVD-2020-105-01 CSAF |
2020/04/14 | Modicon Controllers, EcoStruxure™ Control Expert and Unity Pro Programming Software | CVE-2019-6855 | CWE-285 Improper Authorization | EcoStruxure™ Control Expert: all versions prior to 14.1 Hot Fix | SEVD-2019-344-02 (V2.0) | |
2020/03/10 | IGSS (Interactive Graphical SCADA System) | CVE-2020-7478 | Multiple Vulnerabilities | Versions 14 and prior using the service: IGSSupdate. | SEVD-2020-070-01 PDF | SEVD-2020-070-01 CSAF |
2020/03/10 | Modicon Quantum Ethernet Network module and Quantum / Premium COPRO | CVE-2020-7477 | CWE-754: Improper Check for Unusual or Exception Conditions | Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior | SEVD-2020-070-02 PDF | SEVD-2020-070-02 CSAF |
2020/03/10 | ZigBee Installation Toolkit | CVE-2020-7476 | CWE-426: Untrusted Search Path | Versions prior to 1.0.1 | SEVD-2020-070-03 PDF | SEVD-2020-070-03 CSAF |
2020/02/11 | ProSoft Configurator for Modicon PMEPXM0100 (H) | CVE-2020-7474 | CWE-427: Uncontrolled Search Path Element | ProSoft Configurator v1.002 and prior, for the PMEPXM0100 (H) module | SEVD-2020-042-01 PDF | SEVD-2020-042-01 CSAF |
2020/02/11 | U.motion Builder Software | CVE-2018-7763 | Security Notification Updated | All versions prior to v1.3.4 | SEVD-2018-095-01 (V1.2) PDF | SEVD-2018-095-01 (V1.2) CSAF |
2020/01/28 | EcoStruxure™ Operator Terminal Expert | - | Security Bulletin | EcoStruxure™ Operator Terminal Expert software | SESB-2020-028-01 | |
2020/01/14 | MSX Configurator | CVE-2019-6858 | CWE-427: Uncontrolled Search Path Element | Software Version prior to V1.0.8.1 | SEVD-2020-014-01 PDF | SEVD-2020-014-01 CSAF |
See all archived security notifications
