Filter
29 September 2022
The secrets of Schneider Electric’s UMAS protocolThe UMAS protocol, in its implementation prior to the version in which the CVE-2021-22779 vulnerability was fixed, had significant shortcomings that had a critical effect on the security of control systems based on Schneider Electric controllers.
Filter
28 January 2021
Cryptographic deadly sins and the security of Modicon M100/M200/M221Weak implementation of cryptographic data protection allows various types of attacks and enables attackers to identify the key in captured traffic
27 January 2021
From buffer overflow to switchboard setup errors: vulnerabilities in building operation software by Schneider ElectricVulnerabilities in Schneider Electric’s low-voltage distribution system configuration software could enable attackers to upload arbitrary files defining electrical system parameters
Filter
26 January 2021
Twentieth for Ripple20: Vulnerability in embedded web server of I/O expansion modules for IoTSсhneider Electric has published an advisory on a critical vulnerability in the web server used in TM3 I/O expansion modules
26 January 2021
Critical vulnerability in Schneider Electric HMI configuration softwareThe vulnerability could cause a Windows local user privilege escalation when using EcoStruxure™ Operator Terminal Expert and Pro-face BLUE software and WinGP runtime environment by Schneider Electric.
19 December 2019
Multiple vulnerabilities in Modicon controllersIf exploited, the vulnerabilities could result in denial of service. They can be fixed by updating device firmware
16 July 2019
Dangerous vulnerability in the IGSS systemThe vulnerability could allow an attacker to force the software to crash or to execute arbitrary code
16 July 2019
Multiple vulnerabilities in Schneider Electric Floating License ManagerIn addition to Schneider Electric, security issues affect products from AVEVA Vijeo Citect and Citect SCADA
09 July 2019
New vulnerability in Schneider Electric Modicon PLCsThe vulnerability is due to an improper check for unusual or exceptional conditions and could lead to denial of service
15 January 2019
Vulnerabilities in Schneider Electric industrial solutionsCritical and severe vulnerabilities have been identified in GP-Pro EX programming environment, Zelio Soft software and IIoT Monitor platform
23 November 2018
Critical vulnerability in Modicon M221 PLCA critical vulnerability in Modicon M221 PLC could allow attackers to intercept traffic by remotely changing IPv4 parameters
08 November 2018
Schneider Electric has fixed a vulnerability in SESU softwareThe vulnerability affects the Schneider Electric Software Update (SESU) tool, which is used to notify users when updated Schneider Electric software is available
12 September 2018
Schneider Electric products shipped with infected USB mediaUSB media infected with malware were shipped with Conext ComBox and Conext Battery Monitor products