Home›Brands›Schneider Electric

Platform

Schneider Electric

Global energy management and automation leader. Products include Modicon M340/M580 PLCs, Altivar drives, Harmony HMI, and EcoStruxure platform.

https://www.se.com/ww/en/work/products/industrial-automation-and-control/ →

216

Total CVEs

Resources

CVEsCVEs SpecsTech Specs DocsTech Docs ImplImplementations ExamplesExamples

Schneider Electric CVEs | AID

8 / 216

CVE-2017-9635LOW

Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible.

May 18, 2018

3.9

CVE-2021-22799LOW

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1

Jan 28, 2022

3.8

CVE-2015-0998LOW

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

Mar 29, 2015

3.3

CVE-2015-0999LOW

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.

Mar 29, 2015

2.1

CVE-2015-0996LOW

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.

Mar 29, 2015

2.1

CVE-2014-5398LOW

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Aug 28, 2014

2.1

CVE-2014-2381LOW

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

Aug 28, 2014

2.1

CVE-2015-1009LOW

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Aug 1, 2015

1.7

CVE ID ⇅	Severity ↓	CVSS ⇅	Description	Published ⇅
CVE-2017-9635	LOW	3.9	Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When A…	May 18, 2018	›
CVE-2021-22799	LOW	3.8	A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an …	Jan 28, 2022	›
CVE-2015-0998	LOW	3.3	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 b…	Mar 29, 2015	›
CVE-2015-0999	LOW	2.1	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 b…	Mar 29, 2015	›
CVE-2015-0996	LOW	2.1	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 b…	Mar 29, 2015	›
CVE-2014-5398	LOW	2.1	Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote atta…	Aug 28, 2014	›
CVE-2014-2381	LOW	2.1	Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encrypti…	Aug 28, 2014	›
CVE-2015-1009	LOW	1.7	Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition…	Aug 1, 2015	›

8 / 216

CVE-2017-9635LOW

May 18, 2018

3.9

CVE-2021-22799LOW

Jan 28, 2022

3.8

CVE-2015-0998LOW

Mar 29, 2015

3.3

CVE-2015-0999LOW

Mar 29, 2015

2.1

CVE-2015-0996LOW

Mar 29, 2015

2.1

CVE-2014-5398LOW

Aug 28, 2014

2.1

CVE-2014-2381LOW

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

Aug 28, 2014

2.1

CVE-2015-1009LOW

Aug 1, 2015

1.7

CVE ID ⇅	Severity ↓	CVSS ⇅	Description	Published ⇅
CVE-2017-9635	LOW	3.9	Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When A…	May 18, 2018	›
CVE-2021-22799	LOW	3.8	A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an …	Jan 28, 2022	›
CVE-2015-0998	LOW	3.3	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 b…	Mar 29, 2015	›
CVE-2015-0999	LOW	2.1	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 b…	Mar 29, 2015	›
CVE-2015-0996	LOW	2.1	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 b…	Mar 29, 2015	›
CVE-2014-5398	LOW	2.1	Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote atta…	Aug 28, 2014	›
CVE-2014-2381	LOW	2.1	Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encrypti…	Aug 28, 2014	›
CVE-2015-1009	LOW	1.7	Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition…	Aug 1, 2015	›