Schneider Electric Security Vulnerabilities (CVEs)

Track 134 security vulnerabilities affecting Schneider Electric products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

44 Critical
82 High
8 Medium
CVE-2025-13844 5.3

A double free vulnerability in Rapsody software allows attackers to cause heap memory corruption by tricking users into importing malicious SSD projec...

Jan 15, 2026
CVE-2024-10575 9.8

A missing authorization vulnerability (CWE-862) in Schneider Electric products allows unauthorized access when devices are network-enabled. This could...

Nov 13, 2024
CVE-2024-8422 7.8

A Use After Free vulnerability in Zelio Soft 2 allows arbitrary code execution when a malicious project file is opened. This affects users of Schneide...

Oct 8, 2024
CVE-2024-8306 7.8

This CVE describes an improper privilege management vulnerability in Schneider Electric software that allows authenticated non-admin users to escalate...

Sep 11, 2024
CVE-2024-6407 9.8

CVE-2024-6407 is a critical information disclosure vulnerability in Schneider Electric devices that allows attackers to extract credentials by sending...

Jul 11, 2024
CVE-2024-6528 5.4

This CVE describes a cross-site scripting (XSS) vulnerability in Schneider Electric products where attackers can inject malicious JavaScript into web ...

Jul 11, 2024
CVE-2024-2602 7.3

This CVE describes a path traversal vulnerability (CWE-22) in Schneider Electric software that allows authenticated users to execute malicious code by...

Jul 11, 2024
CVE-2024-5680 7.1

A local privilege escalation vulnerability in the Foxboro.sys driver allows authenticated attackers to cause denial-of-service through improper array ...

Jul 11, 2024
CVE-2024-5559 6.1

This vulnerability involves the use of a broken cryptographic algorithm in Schneider Electric devices, allowing attackers to cause denial of service, ...

Jun 12, 2024
CVE-2024-2747 7.8

CVE-2024-2747 is an unquoted search path vulnerability in Schneider Electric's Easergy Studio software that allows local authenticated users to escala...

Jun 12, 2024
CVE-2024-0865 7.8

This vulnerability involves hard-coded credentials in Schneider Electric software that allow local privilege escalation. Non-administrative users can ...

Jun 12, 2024
CVE-2024-5560 5.3

This CVE describes an out-of-bounds read vulnerability in Schneider Electric devices that allows attackers to cause denial of service of the web inter...

Jun 12, 2024
CVE-2024-37038 7.5

This vulnerability allows authenticated users with web interface access to perform unauthorized file and firmware uploads by crafting custom web reque...

Jun 12, 2024
CVE-2024-37040 5.4

This CVE describes a classic buffer overflow vulnerability in Schneider Electric devices that allows authenticated users to crash the device by sendin...

Jun 12, 2024
CVE-2024-5557 4.5

This vulnerability exposes SNMP credentials in log files due to sensitive information being written to logs. Attackers who gain access to controller l...

Jun 12, 2024
CVE-2024-37036 9.8

CVE-2024-37036 is an out-of-bounds write vulnerability in Schneider Electric products that allows authentication bypass when attackers send malformed ...

Jun 12, 2024
CVE-2024-5313 6.5

This vulnerability exposes an SSH interface on Schneider Electric products' network interfaces, allowing attackers to discover and potentially target ...

Jun 12, 2024
CVE-2024-5056 6.5

This CVE describes a CWE-552 vulnerability where specific files or directories are accessible to external parties in Schneider Electric devices. If ex...

Jun 12, 2024
CVE-2023-6408 8.1

This vulnerability allows attackers to intercept and manipulate communications between Schneider Electric controllers due to improper message integrit...

Feb 14, 2024
CVE-2023-27975 7.1

This vulnerability allows a local attacker with access to the engineering workstation to tamper with memory and gain unauthorized access to project fi...

Feb 14, 2024
CVE-2023-7032 7.8

This vulnerability allows an attacker with a low-privilege user account to escalate privileges by sending a malicious serialized object. It affects Sc...

Jan 9, 2024
CVE-2023-5629 8.2

This CVE describes an open redirect vulnerability (CWE-601) in Schneider Electric products that allows attackers to redirect users to malicious websit...

Dec 14, 2023
CVE-2023-5986 8.2

This vulnerability allows attackers to redirect users to malicious websites after successful login by manipulating URL parameters. It affects Schneide...

Nov 15, 2023
CVE-2023-5391 9.8

This vulnerability allows remote code execution through deserialization of untrusted data in Schneider Electric products. Attackers can send specially...

Oct 4, 2023
CVE-2023-5402 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected Schneider Electric systems by exploiting improper privilege managemen...

Oct 4, 2023
CVE-2023-4516 7.8

A local attacker can change the update source in IGSS Update Service without authentication, potentially leading to remote code execution by forcing u...

Sep 14, 2023
CVE-2023-29414 7.8

This vulnerability allows local users to escalate privileges by exploiting a buffer overflow in a local function call. Attackers can send specially cr...

Jul 12, 2023
CVE-2023-37196 8.8

This SQL injection vulnerability in Schneider Electric's DCE (Data Center Expert) allows authenticated attackers to manipulate endpoint alert settings...

Jul 12, 2023
CVE-2023-2570 7.0

This vulnerability in the Foxboro.sys driver allows local attackers to cause denial-of-service or potentially execute kernel code by sending specially...

Jun 14, 2023
CVE-2023-3001 7.8

This CVE describes a deserialization vulnerability in the Dashboard module that allows remote code execution when a user opens a malicious file. Attac...

Jun 14, 2023
CVE-2023-1049 7.8

This CVE-2023-1049 vulnerability allows code injection when a user opens a malicious project file in Schneider Electric's HMI software. Attackers can ...

Jun 14, 2023
CVE-2022-46680 8.8

CVE-2022-46680 is a cleartext transmission vulnerability in Schneider Electric products that allows attackers to intercept unencrypted network traffic...

May 22, 2023
CVE-2023-25619 7.5

This vulnerability allows attackers to cause denial of service on Schneider Electric controllers by sending specially crafted Modbus TCP packets that ...

Apr 19, 2023
CVE-2023-29410 7.2

This CVE describes an improper input validation vulnerability in Schneider Electric products that allows authenticated attackers to execute malicious ...

Apr 18, 2023
CVE-2023-28004 9.8

This vulnerability allows attackers to send specially crafted Ethernet requests to improperly validated array indexes, potentially causing denial of s...

Apr 18, 2023
CVE-2023-29411 9.8

This vulnerability allows unauthenticated attackers to change administrative credentials via the Java RMI interface, potentially leading to remote cod...

Apr 18, 2023
CVE-2023-29413 7.5

This vulnerability allows unauthenticated attackers to cause Denial-of-Service on Schneider UPS Monitor service by exploiting missing authentication f...

Apr 18, 2023
CVE-2023-25547 8.8

This vulnerability allows low-privileged users to upload and install packages, potentially leading to remote code execution on affected StruxureWare D...

Apr 18, 2023
CVE-2023-25549 7.2

This vulnerability allows remote code execution through code injection in the DCE network settings endpoint of StruxureWare Data Center Expert. Attack...

Apr 18, 2023
CVE-2023-25552 8.1

This vulnerability in StruxureWare Data Center Expert allows attackers to bypass authorization controls and perform unauthorized actions like viewing,...

Apr 18, 2023
CVE-2023-25554 7.8

This CVE describes a local OS command injection vulnerability in StruxureWare Data Center Expert that allows authenticated local users to execute arbi...

Apr 18, 2023
CVE-2022-43376 7.6

This cross-site scripting (XSS) vulnerability in NetBotz 4 environmental monitoring devices allows attackers to inject malicious scripts into web page...

Apr 18, 2023
CVE-2023-27976 8.8

This vulnerability in EcoStruxure Control Expert allows remote code execution when authenticated users click malicious links. Attackers can exploit we...

Apr 18, 2023
CVE-2023-27981 7.8

This vulnerability allows remote code execution through path traversal in Schneider Electric's IGSS software. An attacker can craft a malicious report...

Mar 21, 2023
CVE-2023-27980 8.8

This vulnerability allows unauthenticated attackers to create malicious report files in IGSS project directories via the Data Server TCP interface. Wh...

Mar 21, 2023
CVE-2022-42972 7.8

This vulnerability allows local attackers to escalate privileges by modifying the webroot directory due to incorrect permissions. It affects APC and S...

Feb 1, 2023
CVE-2022-4062 7.8

This CVE-2022-4062 vulnerability allows attackers with access to the localhost interface of EcoStruxure Power Commission to bypass authorization contr...

Feb 1, 2023
CVE-2022-24324 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected IGSS Data Server systems by sending specially crafted messages that t...

Feb 1, 2023
CVE-2022-42970 9.8

CVE-2022-42970 is a critical authentication bypass vulnerability in APC/Schneider Electric Easy UPS Online Monitoring Software that allows unauthentic...

Feb 1, 2023
CVE-2022-34753 8.8

This CVE describes an OS command injection vulnerability in Schneider Electric's SpaceLogic C-Bus Home Controller (formerly C-Bus Wiser Home Controll...

Jul 13, 2022

Why Monitor Schneider Electric Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 134+ known vulnerabilities affecting Schneider Electric products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Schneider Electric packages in under 60 seconds. No agents required - completely agentless scanning that works across Schneider Electric deployments.

Free vulnerability database: Access detailed information about every Schneider Electric CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
