Schneider-Electric Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Schneider-Electric products.

55 known CVE vulnerabilities tracked

Critical: 12
High: 29
Medium: 14
Low: 0
None: 0

All Schneider-Electric CVEs

CVE-2018-7795
5.4 medium

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code.

PowerLogic PM5560 Firmware | Aug 29, 2018

CVE-2018-7789
7.5 high

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames.

Modicon M221 Firmware | Aug 29, 2018

CVE-2017-6030
6.5 medium

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected prod

Modicon M241 Firmware | Jun 30, 2017

CVE-2017-6034
9.8 critical

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.

Modbus Firmware | Jun 30, 2017

CVE-2017-7575
9.8 critical

Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded.

Modicon TM221CE16R Firmware | Apr 6, 2017

CVE-2017-7574
9.8 critical

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML fil

Modicon TM221CE16R Firmware | Apr 6, 2017

CVE-2014-0759
5.9 medium

Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Floating License Manager | Feb 28, 2014