schneider-electric

Top products

The 15 most recently published vulnerabilities affecting schneider-electric.

• CVE-2026-6332Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC7.5May 14, 2026
• CVE-2026-2401CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an...5.0Apr 14, 2026
• CVE-2026-2400CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc ...4.3Apr 14, 2026
• CVE-2026-2403CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logset...4.3Apr 14, 2026
• CVE-2026-2405CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /...6.5Apr 14, 2026
• CVE-2026-2402CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentic...5.3Apr 14, 2026
• CVE-2026-2404CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.5.3Apr 14, 2026
• CVE-2026-2399CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters th...6.1Apr 14, 2026
• CVE-2025-13845CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.7.8Jan 15, 2026
• CVE-2025-13844CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.5.3Jan 15, 2026
• CVE-2024-10575CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.9.8Nov 13, 2024
• CVE-2024-9409CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present ...7.5Nov 13, 2024
• CVE-2024-8422CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft ...7.8Oct 8, 2024
• CVE-2024-8306CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated...7.8Sep 11, 2024
• CVE-2024-6407CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device.9.8Jul 11, 2024