Schneider Electric Security Vulnerabilities (CVEs)

Track 134 security vulnerabilities affecting Schneider Electric products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

44 Critical

82 High

8 Medium

Sort by:

🔔 Get Alerts for Schneider Electric

CVE-2021-22726 8.1

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Schneider Electric EVlink electric vehicle charging stations. An attacker can...

Jul 21, 2021

CVE-2021-22727 9.8

This vulnerability allows attackers to gain unauthorized access to Schneider Electric EVlink charging station web servers due to insufficient entropy ...

Jul 21, 2021

CVE-2021-22729 9.8

This vulnerability allows attackers to gain administrative access to Schneider Electric EVlink charging stations by exploiting hard-coded passwords in...

Jul 21, 2021

CVE-2021-22778 7.1

This vulnerability allows unauthorized users to read or modify protected function blocks in Schneider Electric industrial control software when access...

Jul 14, 2021

CVE-2021-22779 9.1

This vulnerability allows attackers to bypass authentication and gain unauthorized read/write access to industrial controllers by spoofing Modbus comm...

Jul 14, 2021

CVE-2021-22758 7.8

This vulnerability in Schneider Electric IGSS Definition software allows attackers to execute arbitrary code or cause data loss by importing a malicio...

Jun 11, 2021

CVE-2021-22760 7.8

This vulnerability in Schneider Electric's IGSS Definition software allows attackers to execute arbitrary code or cause data loss by importing a malic...

Jun 11, 2021

CVE-2021-22762 7.8

This vulnerability allows remote code execution through path traversal in Schneider Electric's IGSS Definition software. Attackers can exploit it by t...

Jun 11, 2021

CVE-2021-22763 9.8

This vulnerability allows attackers to bypass password recovery mechanisms in Schneider Electric PowerLogic devices, potentially gaining administrator...

Jun 11, 2021

CVE-2021-22765 9.8

This vulnerability allows attackers to send specially crafted HTTP packets to PowerLogic EGX100 and EGX300 devices, potentially causing denial of serv...

Jun 11, 2021

CVE-2021-22767 9.8

This vulnerability in Schneider Electric PowerLogic EGX devices allows attackers to send specially crafted HTTP packets that bypass input validation, ...

Jun 11, 2021

CVE-2021-22750 7.8

This vulnerability allows attackers to execute arbitrary code or cause data loss by exploiting an out-of-bounds write flaw in Schneider Electric's IGS...

Jun 11, 2021

CVE-2021-22752 7.8

This vulnerability allows attackers to execute arbitrary code or cause data loss by exploiting an out-of-bounds write flaw in Schneider Electric's IGS...

Jun 11, 2021

CVE-2021-22754 7.8

This vulnerability allows attackers to execute arbitrary code or cause data loss on systems running vulnerable versions of Schneider Electric's IGSS D...

Jun 11, 2021

CVE-2021-22756 7.8

This vulnerability allows attackers to read memory beyond intended boundaries in Schneider Electric's IGSS Definition software when importing maliciou...

Jun 11, 2021

CVE-2021-22735 7.2

This vulnerability allows remote attackers to execute arbitrary code on affected Schneider Electric homeLYnk and spaceLYnk devices by bypassing crypto...

May 26, 2021

CVE-2021-22737 9.8

This vulnerability in Schneider Electric homeLYnk and spaceLYnk systems allows attackers to discover credentials through brute force attacks, leading ...

May 26, 2021

CVE-2021-22738 9.8

This vulnerability in Schneider Electric homeLYnk and spaceLYnk systems allows attackers to brute-force credentials due to weak cryptographic algorith...

May 26, 2021

CVE-2021-22699 7.5

An improper input validation vulnerability in Schneider Electric Modicon M241/M251 logic controllers allows attackers to cause denial of service via s...

May 26, 2021

CVE-2021-22731 9.8

This vulnerability allows remote attackers to change passwords on Modicon Managed Switches without authentication when basic user information is known...

May 26, 2021

CVE-2021-22733 7.8

This vulnerability allows attackers to gain unauthorized shell access on Schneider Electric homeLYnk (Wiser For KNX) and spaceLYnk systems by loading ...

May 26, 2021

CVE-2021-22717 8.8

This path traversal vulnerability in Schneider Electric C-Bus Toolkit allows attackers to execute arbitrary code remotely by manipulating config file ...

Apr 13, 2021

CVE-2021-22719 8.8

This path traversal vulnerability in Schneider Electric's C-Bus Toolkit allows attackers to upload malicious files to arbitrary locations on the syste...

Apr 13, 2021

CVE-2021-22709 7.8

This vulnerability in Schneider Electric's IGSC SCADA system allows attackers to execute arbitrary code or cause data loss by importing a malicious co...

Mar 11, 2021

CVE-2021-22711 7.8

This vulnerability in Schneider Electric's IGSC SCADA system allows attackers to execute arbitrary read or write operations by importing a malicious c...

Mar 11, 2021

CVE-2021-22713 7.5

This vulnerability is a memory buffer overflow in Schneider Electric PowerLogic ION series power meters that could allow an attacker to cause denial o...

Mar 11, 2021

CVE-2021-22714 9.8

This vulnerability is a memory buffer overflow in Schneider Electric PowerLogic meters that could allow attackers to cause denial of service (reboots)...

Mar 11, 2021

CVE-2021-22702 7.5

This vulnerability allows attackers to intercept Telnet communications between users and affected Schneider Electric PowerLogic/ION power monitoring d...

Feb 19, 2021

CVE-2020-28221 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected HMI devices by exploiting improper input validation in the Ethernet D...

Jan 26, 2021

CVE-2020-7540 9.8

This vulnerability allows unauthenticated attackers to execute arbitrary commands on Schneider Electric Modicon PLCs via specially crafted HTTP reques...

Dec 11, 2020

CVE-2020-28215 9.8

CVE-2020-28215 is a missing authorization vulnerability in Schneider Electric's Easergy T300 firmware that allows attackers to bypass access controls....

Dec 11, 2020

CVE-2020-7548 9.8

This vulnerability allows unauthorized users to bypass authentication and gain access to Schneider Electric Smartlink, PowerTag, and Wiser Series Gate...

Dec 1, 2020

CVE-2020-7561 9.8

CVE-2020-7561 is a critical authentication bypass vulnerability in Schneider Electric's Easergy T300 firmware that allows unauthenticated attackers to...

Nov 19, 2020

CVE-2020-28212 9.8

This vulnerability allows attackers to perform brute force attacks against the PLC Simulator in EcoStruxure Control Expert (Unity Pro) via Modbus prot...

Nov 19, 2020

← Previous Page 3 of 3

Why Monitor Schneider Electric Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 134+ known vulnerabilities affecting Schneider Electric products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Schneider Electric packages in under 60 seconds. No agents required - completely agentless scanning that works across Schneider Electric deployments.

Free vulnerability database: Access detailed information about every Schneider Electric CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Schneider Electric CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Schneider Electric CVEs Free