Search Results (810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-5296 1 Schneider-electric 1 Software Update Utility 2026-04-15 7.3 High
CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder.
CVE-2025-54924 1 Schneider-electric 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports 2026-04-15 7.5 High
CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.
CVE-2025-11566 1 Schneider-electric 1 Powerchute Serial Shutdown 2026-04-15 N/A
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint.
CVE-2025-11565 1 Schneider-electric 1 Powerchute Serial Shutdown 2026-04-15 N/A
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload.
CVE-2024-10498 1 Schneider-electric 1 Powerlogic Hdpm6000 2026-04-15 6.5 Medium
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in invalid data or loss of web interface functionality.
CVE-2025-54926 1 Schneider-electric 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports 2026-04-15 7.2 High
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed.
CVE-2024-8518 1 Schneider-electric 1 Zelio Soft 2 2026-04-15 3.3 Low
CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user.
CVE-2024-8530 1 Schneider-electric 1 Data Center Expert 2026-04-15 5.9 Medium
CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS.
CVE-2024-8938 1 Schneider-electric 3 Modicon M340, Modicon Mc80, Modicon Momentum Unity M1e Processor 2026-04-15 8.1 High
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size computation.
CVE-2025-54927 1 Schneider-electric 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports 2026-04-15 4.9 Medium
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the system.
CVE-2025-9996 1 Schneider-electric 1 Blmon 2026-04-15 N/A
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session.
CVE-2025-6625 1 Schneider-electric 12 Bmxngd0100, Bmxngd0100 Firmware, Bmxnoc0401 and 9 more 2026-04-15 7.5 High
CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
CVE-2024-8933 1 Schneider-electric 3 Modicon M340, Modicon Mc80, Modicon Momentum Unity M1e Processor 2026-04-15 7.5 High
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller.
CVE-2024-8935 1 Schneider-electric 3 Modicon M340 Bmxp341000, Modicon Mc80 Bmkc8020301, Modicon Momentum Unity M1e Processor 2026-04-15 7.5 High
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a communication session. This vulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks.
CVE-2024-6918 1 Schneider-electric 1 Accutech Manager 2026-04-15 7.5 High
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP.
CVE-2024-8936 1 Schneider-electric 1 Modicon M340 2026-04-15 6.5 Medium
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory.
CVE-2025-8448 1 Schneider-electric 2 Ecostruxure Building Operation Enterprise Server, Ecostruxure Workstation 2026-04-15 N/A
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products.
CVE-2025-13905 1 Schneider-electric 2 Ecostruxure Process Expert, Ecostruxure Process Expert For Aveva System Platform 2026-04-15 N/A
CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart.
CVE-2025-11567 1 Schneider-electric 1 Powerchute Serial Shutdown 2026-04-15 N/A
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.
CVE-2025-11739 1 Schneider-electric 2 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reporting And Dashboards 2026-03-11 N/A
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization.