CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3116
https://notcve.org/view.php?id=CVE-2025-3116
10 Jun 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-02.pdf • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3905
https://notcve.org/view.php?id=CVE-2025-3905
10 Jun 2025 — CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser. CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to m... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-02.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2875
https://notcve.org/view.php?id=CVE-2025-2875
14 May 2025 — CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources. CWE-610: Existe una vulnerabilidad de referencia controlada externamente a un recurso en otra esfera que podría causar una pérdida de confidencialidad cuando un atacante no autenticado manipula la URL del servidor web del controlador para acceder a los recursos. CWE-610: Externally... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-133-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-133-01.pdf • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11737
https://notcve.org/view.php?id=CVE-2024-11737
11 Dec 2024 — CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device. CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-345-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-345-03.pdf • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-6528
https://notcve.org/view.php?id=CVE-2024-6528
11 Jul 2024 — CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. CWE-79: Existe una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ("Cross-site Scripting") que podría causar una vulnerabilidad que conduzca a una c... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-191-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-191-04.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •