Schneider Electric
Latest CVEs
The 15 most recently published vulnerabilities affecting Schneider Electric.
- CVE-2026-6332: Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC (score 7.5)
- CVE-2026-6866: Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server (score 7.5)
- CVE-2026-6865: Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products (score 7.1)
- CVE-2026-4827: Insufficient Entropy vulnerability on Multiple Products (score 8.3)
- CVE-2026-2401: CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an... (score 5.0)
- CVE-2026-2400: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc ... (score 4.3)
- CVE-2026-2403: CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logset... (score 4.3)
- CVE-2026-2405: CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /... (score 6.5)
- CVE-2026-2402: CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentic... (score 5.3)
- CVE-2026-2404: CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. (score 5.3)
- CVE-2026-2399: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters th... (score 6.1)
- CVE-2026-4832: CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. (score 5.3)
- CVE-2026-2273: CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of untrusted commands on the engineering workstation which could result in a limited... (score 8.2)
- CVE-2026-1286: CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated ... (score 6.5)
- CVE-2025-13902: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s brows... (score 5.4)