Schneider Electric
Latest CVEs
The 15 most recently published vulnerabilities affecting Schneider Electric.
- CVE-2026-9718: CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request ... (7.5)
- CVE-2026-9717: CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting... (7.5)
- CVE-2026-9716: CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed request... (7.5)
- CVE-2026-8045: CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert us... (6.5)
- CVE-2026-6332: Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC (7.5)
- CVE-2026-6866: Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server (7.5)
- CVE-2026-6865: Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products (7.1)
- CVE-2026-4827: Insufficient Entropy vulnerability on Multiple Products (8.3)
- CVE-2026-2401: CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an... (5.0)
- CVE-2026-2400: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc ... (4.3)
- CVE-2026-2403: CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logset... (4.3)
- CVE-2026-2405: CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /... (6.5)
- CVE-2026-2402: CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentic... (5.3)
- CVE-2026-2404: CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. (5.3)
- CVE-2026-2399: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters th... (6.1)