
CVE-2024-37036
https://notcve.org/view.php?id=CVE-2024-37036
12 Jun 2024 — CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-787: Out-of-bounds Write

CVE-2024-5560
https://notcve.org/view.php?id=CVE-2024-5560
12 Jun 2024 — CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-05.pdf • CWE-125: Out-of-bounds Read

CVE-2024-5557
https://notcve.org/view.php?id=CVE-2024-5557
12 Jun 2024 — CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf • CWE-532: Insertion of Sensitive Information into Log File

CVE-2024-5558
https://notcve.org/view.php?id=CVE-2024-5558
12 Jun 2024 — CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-04.pdf • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2024-5313
https://notcve.org/view.php?id=CVE-2024-5313
12 Jun 2024 — CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impacts are limited to port scanning and fingerprinting activities as well as attempts to perform a potential denial of service attack on the exposed SSH interface. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-03.pdf • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2024-5056
https://notcve.org/view.php?id=CVE-2024-5056
12 Jun 2024 — CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-163-01.pdf • CWE-552: Files or Directories Accessible to External Parties

CVE-2024-2229 – Schneider Electric EcoStruxure Power Design - Ecodial BinSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-2229
18 Mar 2024 — CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStru... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-02.pdf • CWE-502: Deserialization of Untrusted Data

CVE-2024-2052
https://notcve.org/view.php?id=CVE-2024-2052
18 Mar 2024 — CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf • CWE-552: Files or Directories Accessible to External Parties

CVE-2024-2051
https://notcve.org/view.php?id=CVE-2024-2051
18 Mar 2024 — CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2024-0865 – Schneider Electric EcoStruxure IT Gateway Hard-Coded Credentials Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-0865
21 Feb 2024 — CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user. This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric EcoStruxure IT Gateway. An attacker must first obtain the ability to ex... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf • CWE-798: Use of Hard-coded Credentials