Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Schneider ELectric — Vulnerabilities & Security Advisories 287

Browse all 287 CVE security advisories affecting Schneider ELectric. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Schneider Electric operates as a global specialist in energy management and industrial automation, providing critical infrastructure solutions for data centers, buildings, and manufacturing facilities. Its extensive product portfolio, including programmable logic controllers and supervisory control and data acquisition systems, has historically been associated with a significant volume of vulnerabilities, currently totaling 287 Common Vulnerabilities and Exposures. These security flaws frequently involve remote code execution, cross-site scripting, and privilege escalation, often stemming from legacy protocols or default configurations in industrial control interfaces. While the company has implemented various security patches and guidelines, the sheer scale of its connected ecosystem presents persistent attack surfaces. Notable incidents have highlighted risks in unpatched firmware and weak authentication mechanisms within its EcoStruxure platform, underscoring the critical need for rigorous network segmentation and continuous monitoring to mitigate potential disruptions to essential operational technology environments.

Top products by Schneider ELectric: StruxureWare Data Center Expert PowerChute™ Serial Shutdown IGSS Data Server (IGSSdataServer.exe) IGSS Data Server(IGSSdataServer.exe) EcoStruxure Control Expert Modicon M340 CPU (part numbers BMXP34*) OPC UA Modicon Communication Module Modicon Controllers M241/M251 Sage 1410 EcoStruxure Operator Terminal Expert EcoStruxure™ IT Data Center Expert Data Center Expert EcoStruxure™ Power Monitoring Expert (PME) Wiser Smart Wonderware Information Server Portal ClearSCADA ASCO 5310 Single-Channel Remote Annunciator APC Easy UPS Online Monitoring Software EVLink WallBox EcoStruxure Power Commission Easergy P5 StruxureWare Data Center Expert EcoStruxure Foxboro DCS Core Control Services Enerlin’X IFE interface (LV434001) Trio Q Licensed Data Radio Conext™ ComBox C-Bus Toolkit Easergy Studio NetBotz 4 - 355/450/455/550/570 APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)
CVE IDTitleCVSSSeverityPublished
CVE-2014-9198 Schneider Electric ETG3000 FactoryCast HMI Gateway Use of Hard-coded Credentials — ETG3000 FactoryCast HMI GatewayCWE-798 9.8 -2015-01-27
CVE-2014-9190 Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow — InTouch Access Anywhere ServerCWE-121 9.8 -2015-01-10
CVE-2014-9188 Schneider Electric ProClima Command Injection — ProClimaCWE-77 9.8 -2014-12-27
CVE-2014-0754 Schneider Electric — Ethernet modules for M340, Quantum and Premium PLC ranges 8.1 -2014-10-03
CVE-2014-5411 Schneider Electric SCADA Expert ClearSCADA Cross-site Scripting — ClearSCADACWE-79 5.4 -2014-09-18
CVE-2014-5412 Schneider Electric SCADA Expert ClearSCADA Improper Authentication — ClearSCADACWE-287 6.5 -2014-09-18
CVE-2014-5413 Schneider Electric SCADA Expert ClearSCADA Cryptographic Issues — ClearSCADACWE-310 8.6 -2014-09-18
CVE-2014-5407 Schneider Electric VAMPSET Stack-based Buffer Overflow — VAMPSETCWE-121 5.5 -2014-09-15
CVE-2014-2380 Schneider Electric Wonderware Inadequate Encryption Strength — Wonderware Information Server PortalCWE-326 7.5 -2014-08-28
CVE-2014-2381 Schneider Electric Wonderware Inadequate Encryption Strength — Wonderware Information Server PortalCWE-326 6.2 -2014-08-28
CVE-2014-5397 Schneider Electric Wonderware Cross-site Scripting — Wonderware Information Server PortalCWE-79 6.1 -2014-08-28
CVE-2014-5398 Schneider Electric Wonderware Input Validation — Wonderware Information Server PortalCWE-20 9.1 -2014-08-28
CVE-2014-5399 Schneider Electric Wonderware SQL Injection — Wonderware Information Server PortalCWE-89 9.8 -2014-08-28
CVE-2014-0789 Schneider Electric OPC Factory Server Buffer Overflow — OPC Factory Server (OFS)CWE-122 7.5 -2014-04-04
CVE-2014-0779 Schneider Electric StruxureWare SCADA Expert ClearSCADA Improper Restriction of Operations within the Bounds of a Memory Buffer — ClearSCADACWE-119 7.8 -2014-03-14
CVE-2014-0759 Schneider Electric Floating License Manager Unquoted Search Path or Element — Floating License ManagerCWE-428 7.8 -2014-02-28
CVE-2014-0774 Schneider Electric OFS Stack Buffer Overflow — TLXCDSUOFS33CWE-121 7.8 -2014-02-28

This page lists every published CVE security advisory associated with Schneider ELectric. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.