Schneider Electric Security Vulnerabilities (CVEs)

Track 133 security vulnerabilities affecting Schneider Electric products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

44 Critical
81 High
8 Medium
CVE-2022-34756 8.8

This CVE describes a buffer overflow vulnerability in the HTTPS stack of Schneider Electric's Easergy P5 devices, allowing remote attackers to execute...

Jul 13, 2022
CVE-2022-34759 7.5

This CVE describes an out-of-bounds write vulnerability in Schneider Electric's X80 advanced RTU and OPC UA Modicon communication modules. Improper pa...

Jul 13, 2022
CVE-2022-34761 7.5

A NULL pointer dereference vulnerability in Schneider Electric's X80 advanced RTU and OPC UA Modicon communication modules allows attackers to cause d...

Jul 13, 2022
CVE-2022-30234 9.4

CVE-2022-30234 is a critical vulnerability in Schneider Electric Wiser Smart energy management systems where hard-coded credentials allow attackers to...

Jun 2, 2022
CVE-2022-30236 8.2

This vulnerability allows attackers to perform cross-domain attacks that could lead to unauthorized access to Wiser Smart energy management systems. I...

Jun 2, 2022
CVE-2022-30238 8.3

CVE-2022-30238 is an authentication bypass vulnerability in Schneider Electric Wiser Smart energy management systems that allows attackers to hijack a...

Jun 2, 2022
CVE-2022-26507 9.8

CVE-2022-26507 is a critical heap-based buffer overflow vulnerability in AT&T Labs Xmill 0.7's XML decompression function. It allows remote attackers ...

Apr 14, 2022
CVE-2021-22794 9.1

This path traversal vulnerability in StruxureWare Data Center Expert allows attackers to access files outside the intended directory, potentially lead...

Apr 13, 2022
CVE-2021-22797 7.8

This path traversal vulnerability in Schneider Electric's industrial control software allows attackers to deploy malicious scripts to unauthorized loc...

Apr 13, 2022
CVE-2021-30062 7.5

This vulnerability allows attackers to bypass OPC security enforcement on Schneider Electric ConneXium Tofino and Belden Tofino Xenon industrial secur...

Apr 3, 2022
CVE-2021-30064 9.8

This vulnerability allows attackers to gain SSH access to Schneider Electric ConneXium Tofino Firewall and Belden Tofino Xenon Security Appliance devi...

Apr 3, 2022
CVE-2020-25176 9.1

CVE-2020-25176 is a directory traversal vulnerability in Rockwell Automation ISaGRAF Runtime that allows remote, unauthenticated attackers to access a...

Mar 18, 2022
CVE-2020-25184 7.8

Rockwell Automation ISaGRAF Runtime versions 4.x and 5.x store passwords in plaintext files in the same directory as the executable. This allows local...

Mar 18, 2022
CVE-2021-22783 8.8

This vulnerability allows session hijacking through information exposure when the Ritto Wiser Door panel communicates with the door. Attackers could i...

Mar 9, 2022
CVE-2022-0715 9.1

CVE-2022-0715 is an improper authentication vulnerability in APC Smart-UPS and SmartConnect UPS devices, allowing attackers to upload malicious f...

Mar 9, 2022
CVE-2022-22805 9.8

This CVE describes a critical buffer overflow vulnerability in Schneider Electric SmartConnect UPS devices that allows remote code execution when proc...

Mar 9, 2022
CVE-2021-22787 7.5

This vulnerability allows remote attackers to cause denial of service on Schneider Electric Modicon industrial control devices by sending specially cr...

Feb 11, 2022
CVE-2021-22796 7.8

CVE-2021-22796 is an authentication bypass vulnerability in Schneider Electric's C-Bus Toolkit and C-Gate Server that allows attackers to upload malic...

Feb 11, 2022
CVE-2021-22800 7.5

CVE-2021-22800 is an input validation vulnerability in Schneider Electric Modicon M218 Logic Controllers that allows remote attackers to cause denial ...

Feb 11, 2022
CVE-2021-22801 9.8

CVE-2021-22801 is a critical privilege management vulnerability in Schneider Electric's ConneXium Network Manager software that allows authenticated a...

Feb 11, 2022
CVE-2021-22803 9.8

This vulnerability allows attackers to upload malicious files to Schneider Electric's Interactive Graphical SCADA System Data Collector (dc.exe), pote...

Feb 11, 2022
CVE-2021-22805 9.1

This vulnerability in Schneider Electric's Interactive Graphical SCADA System Data Collector allows unauthenticated attackers to delete arbitrary file...

Feb 11, 2022
CVE-2021-22823 9.1

CVE-2021-22823 is an authentication bypass vulnerability in Schneider Electric's Interactive Graphical SCADA System Data Collector (dc.exe) that allow...

Feb 11, 2022
CVE-2021-22748 8.8

This path traversal vulnerability in Schneider Electric's C-Bus Toolkit and C-Gate Server allows attackers to write files outside intended directories...

Feb 11, 2022
CVE-2022-24318 7.5

CVE-2022-24318 is an encryption weakness vulnerability in Schneider Electric's SCADA systems that allows non-encrypted communication between outdated ...

Feb 9, 2022
CVE-2022-24321 7.5

A vulnerability in Geo SCADA servers allows denial of service attacks when processing malformed HTTP requests. This affects ClearSCADA and EcoStruxure...

Feb 9, 2022
CVE-2022-22807 7.4

This clickjacking vulnerability allows attackers to trick users into performing unintended actions on the EcoStruxure EV Charging Expert web interface...

Feb 9, 2022
CVE-2022-22810 9.8

This vulnerability allows attackers to perform unlimited authentication attempts against admin interfaces of Schneider Electric smart home controllers...

Feb 9, 2022
CVE-2022-22813 9.8

CVE-2022-22813 is a critical vulnerability in Schneider Electric products where hard-coded TLS cryptographic keys allow attackers to decrypt and manip...

Feb 9, 2022
CVE-2022-24310 9.8

This vulnerability allows attackers to trigger an integer overflow leading to heap-based buffer overflow in Schneider Electric's Interactive Graphical...

Feb 9, 2022
CVE-2022-24312 9.8

This vulnerability allows attackers to write arbitrary files to the Schneider Electric Interactive Graphical SCADA System Data Server through path tra...

Feb 9, 2022
CVE-2022-24314 7.5

CVE-2022-24314 is an out-of-bounds read vulnerability in Schneider Electric's Interactive Graphical SCADA System Data Server that could cause memory l...

Feb 9, 2022
CVE-2022-24316 7.5

This vulnerability in Schneider Electric's Interactive Graphical SCADA System Data Server allows attackers to expose sensitive information by sending ...

Feb 9, 2022
CVE-2021-22817 7.8

This vulnerability allows local attackers to escalate privileges by exploiting incorrect default permissions on the base installation directory. It af...

Feb 9, 2022
CVE-2022-22722 7.5

CVE-2022-22722 is a hard-coded SSH cryptographic key vulnerability in Schneider Electric Easergy P5 protection relays. Attackers who obtain the key an...

Feb 4, 2022
CVE-2022-22724 7.5

This vulnerability allows attackers to cause denial of service on Schneider Electric Modicon M340 PLCs by flooding open TCP ports with RST or FIN pack...

Feb 4, 2022
CVE-2022-22727 8.8

This vulnerability in EcoStruxure Power Monitoring Expert allows unauthenticated attackers to exploit improper input validation. Attackers can view da...

Feb 4, 2022
CVE-2020-7534 8.8

This CSRF vulnerability in Schneider Electric Modicon PLCs allows attackers to trick authenticated users into performing unauthorized actions or leaki...

Feb 4, 2022
CVE-2021-22816 7.5

This vulnerability allows remote attackers to cause a Denial of Service (DoS) on Schneider Electric SCADAPack RTUs by sending specially crafted Modbus...

Jan 28, 2022
CVE-2021-22820 9.8

This vulnerability allows attackers to maintain unauthorized access to EV charger web servers even after legitimate users change their passwords. Atta...

Jan 28, 2022
CVE-2021-22825 8.0

This vulnerability allows attackers to gain elevated system privileges by tricking a privileged user into clicking a malicious URL that compromises se...

Jan 28, 2022
CVE-2021-22827 8.8

This vulnerability allows remote code execution through improper input validation in Schneider Electric's EcoStruxure Power Monitoring Expert software...

Jan 28, 2022
CVE-2021-22725 8.8

This CSRF vulnerability in Schneider Electric EVlink charging stations allows attackers to perform unauthorized actions by tricking authenticated user...

Jan 28, 2022
CVE-2021-22807 7.8

This vulnerability allows arbitrary code execution when a malicious *.gd1 configuration file is loaded into the Eurotherm GUIcon tool. Attackers could...

Jan 28, 2022
CVE-2021-22704 9.1

This vulnerability allows attackers to exploit a path traversal flaw in Schneider Electric's Harmony HMI products when accessed via FTP. Attackers cou...

Sep 2, 2021
CVE-2021-22792 7.5

A NULL pointer dereference vulnerability in Schneider Electric Modicon PLC controllers and simulators allows denial of service attacks when processing...

Sep 2, 2021
CVE-2021-22771 7.3

This vulnerability allows attackers to execute arbitrary commands on Schneider Electric Easergy T300 devices by exploiting improper CSV formula elemen...

Jul 21, 2021
CVE-2021-22772 9.8

This vulnerability allows attackers to bypass authentication on Schneider Electric Easergy T200 devices, enabling unauthorized control of critical pow...

Jul 21, 2021
CVE-2021-22774 7.5

This vulnerability allows attackers to recover user account credentials from Schneider Electric EVlink charging stations through dictionary attacks. T...

Jul 21, 2021
CVE-2021-22707 9.8

This vulnerability involves hard-coded administrative credentials in Schneider Electric EVlink charging stations, allowing attackers to issue unauthor...

Jul 21, 2021

Why Monitor Schneider Electric Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 133+ known vulnerabilities affecting Schneider Electric products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Schneider Electric packages in under 60 seconds. No agents required - completely agentless scanning that works across Schneider Electric deployments.

Free vulnerability database: Access detailed information about every Schneider Electric CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Schneider Electric CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions