CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0814
https://notcve.org/view.php?id=CVE-2025-0814
13 Feb 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device. The core functionality of the breaker remains intact during the attack. CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device. The core functionality of the breaker remains ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0815
https://notcve.org/view.php?id=CVE-2025-0815
13 Feb 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device. CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0816
https://notcve.org/view.php?id=CVE-2025-0816
13 Feb 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device. CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0327
https://notcve.org/view.php?id=CVE-2025-0327
13 Feb 2025 — CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted. CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managin... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf • CWE-269: Improper Privilege Management •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1070
https://notcve.org/view.php?id=CVE-2025-1070
13 Feb 2025 — CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded. CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded. • https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1060
https://notcve.org/view.php?id=CVE-2025-1060
13 Feb 2025 — CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker. CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker. • https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1059
https://notcve.org/view.php?id=CVE-2025-1059
13 Feb 2025 — CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device. CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device. • https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1058
https://notcve.org/view.php?id=CVE-2025-1058
13 Feb 2025 — CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded. CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded. • https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf • CWE-494: Download of Code Without Integrity Check •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-10083
https://notcve.org/view.php?id=CVE-2024-10083
13 Feb 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input. CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-02.pdf • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8401
https://notcve.org/view.php?id=CVE-2024-8401
28 Jan 2025 — CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product. CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-254-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-254-02.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •