CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2875
https://notcve.org/view.php?id=CVE-2025-2875
14 May 2025 — CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources. CWE-610: Existe una vulnerabilidad de referencia controlada externamente a un recurso en otra esfera que podría causar una pérdida de confidencialidad cuando un atacante no autenticado manipula la URL del servidor web del controlador para acceder a los recursos. CWE-610: Externally... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-133-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-133-01.pdf • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2223
https://notcve.org/view.php?id=CVE-2025-2223
09 Apr 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system. CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-098-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-098-01.pdf • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0814
https://notcve.org/view.php?id=CVE-2025-0814
13 Feb 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device. The core functionality of the breaker remains intact during the attack. CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device. The core functionality of the breaker remains ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0815
https://notcve.org/view.php?id=CVE-2025-0815
13 Feb 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device. CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0816
https://notcve.org/view.php?id=CVE-2025-0816
13 Feb 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device. CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious IPV6 packets are sent to the device. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0327
https://notcve.org/view.php?id=CVE-2025-0327
13 Feb 2025 — CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted. CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managin... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf • CWE-269: Improper Privilege Management •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1070
https://notcve.org/view.php?id=CVE-2025-1070
13 Feb 2025 — CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded. CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded. • https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1060
https://notcve.org/view.php?id=CVE-2025-1060
13 Feb 2025 — CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker. CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker. • https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1059
https://notcve.org/view.php?id=CVE-2025-1059
13 Feb 2025 — CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device. CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device. • https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1058
https://notcve.org/view.php?id=CVE-2025-1058
13 Feb 2025 — CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded. CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device inoperable when malicious firmware is downloaded. • https://download.schneider-electric.com/files?p_Doc_Ref=sevd-2025-042-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-01.pdf • CWE-494: Download of Code Without Integrity Check •