Schneider Electric Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type

SCADA Software	538
Not Defined	61
Automation Software	35
Log Management Software	3
Hardware Driver Software	1

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Schneider Electric Modicon M340	59
Schneider Electric Modicon Quantum	45
Schneider Electric Modicon Premium	41
Schneider Electric Modicon M580	41
Schneider Electric U.motion Builder	26

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix	307
Temporary Fix	0
Workaround	17
Unavailable	3
Not Defined	311

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High	2
Functional	0
Proof-of-Concept	11
Unproven	2
Not Defined	623

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined	0
Physical	7
Local	71
Adjacent	101
Network	459

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined	0
High	25
Low	225
None	388

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined	0
Required	121
None	517

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1	0
≤2	0
≤3	6
≤4	52
≤5	58
≤6	114
≤7	182
≤8	121
≤9	72
≤10	33

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1	0
≤2	0
≤3	11
≤4	47
≤5	61
≤6	146
≤7	172
≤8	100
≤9	68
≤10	33

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1	0
≤2	0
≤3	17
≤4	79
≤5	80
≤6	162
≤7	109
≤8	138
≤9	21
≤10	32

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1	0
≤2	0
≤3	0
≤4	2
≤5	12
≤6	32
≤7	33
≤8	137
≤9	46
≤10	76

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1	0
≤2	0
≤3	0
≤4	1
≤5	3
≤6	15
≤7	23
≤8	34
≤9	20
≤10	18

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k	145
<2k	263
<5k	229
<10k	0
<25k	1
<50k	0
<100k	0
≥100k	0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k	605
<2k	29
<5k	4
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (313): 140CRA312xxx (1), 66074 MGE Network Management Card (4), AP7xxxx (1), AP8xxx (1), APC Easy UPS Online (7), APDU9xxx (1), ATV IMC Drive Controller (1), AccuSine PCS+ (1), AccuSine PCSn (1), AccuSine PFV+ (1), Accutech Manager (2), Acti9 PowerTag Link C (1), Ampla MES (2), Andover Continuum (4), BMX-NOR-0200H (1), BMXNOR0200 (6), BMXNOR0200H Ethernet-Serial RTU Module (1), BMXNOR0200H Ethernet Serial RTU Module (2), BMxCRA312xx (1), C-Bus Network Automation Controller (2), C-Bus Toolkit (8), C-Gate Server (1), CanBRASS (1), CitectSCADA (4), Citectscada Reports (4), ClearSCADA (9), Clipsal C-Bus Network Automation Controller (2), Clipsal Wiser for C-Bus Automation Controller (2), Conext ComBox (4), Conext ComBox 865-1058 (1), Conext Gateway (1), ConneXium (1), ConneXium Network Manager (1), ConneXium Tofino Firewall (4), ConneXium Tofino OPCLSM (2), Cove (1), Custom Reports (8), Cybersecurity Admin Expert (1), Data Center Expert (4), Device Type Manager (1), EER21000 (6), EER21001 (6), ETG3000 (2), EVlink City (14), EVlink City EVC1S7P4 (7), EVlink City EVC1S22P4 (7), EVlink Parking (14), EVlink Parking EVF2 (7), EVlink Parking EVP2PE (7), EVlink Parking EVW2 (7), EVlink Smart Wallbox (14), EVlink Smart Wallbox EVB1A (7), Easergy Builder Installer (1), Easergy P3 (1), Easergy P5 (5), Easergy P40 (1), Easergy T200 (1), Easergy T300 (18), Easergy T300 RTU (1), EcoStruxure (3), EcoStruxure Building Operation Enterprise Server Installer (1), EcoStruxure Building Operation WebReports (5), EcoStruxure Building Operation WebStation (1), EcoStruxure Control Expert (20), EcoStruxure Cybersecurity Admin Expert (1), EcoStruxure EV Charging Expert (2), EcoStruxure Enterprise Central Installer (1), EcoStruxure Foxboro DCS Control Core Services (2), EcoStruxure Geo SCADA Expert (7), EcoStruxure Geo SCADA Expert 2019 (4), EcoStruxure Geo SCADA Expert 2020 (4), EcoStruxure Geo SCADA Expert 2021 (3), EcoStruxure Hybrid DCS (1), EcoStruxure Machine Expert (3), EcoStruxure OPC UA Server Expert (1), EcoStruxure Operator Terminal Expert (13), EcoStruxure Power Build Rapsody (2), EcoStruxure Power Commission (4), EcoStruxure Power Monitoring Expert (8), EcoStruxure Pro-face BLUE (6), EcoStruxure Process Expert (10), Enerlin'X Com'X 510 (1), Evlink Charging Station (1), FlexNet Publisher (1), Floating License Manager (1), GP-Pro EX (1), GP-Pro EX WinGP (1), GUIcon (6), Geo SCADA Mobile (1), HMI Panel HMIGTO (1), HMI Panel HMIGTU (1), HMI Panel HMIGTUX (1), HMI Panel HMIGXO (1), HMI Panel HMIGXU (1), HMI Panel HMISCU (1), HMI Panel HMISTO (1), HMI Panel HMISTU (1), HMI Panel XBTGH (1), HMI Panel XBTGT (2), Harmony (1), IGSS Dashboard (9), IGSS Data Server (18), IGSS Definition (22), IGSS Mobile Application (2), IMT25 Magnetic Flow DTM (1), ION73XX (2), ION75XX (2), ION76XX (2), ION8650 (2), ION8800 (2), IOS Smart Meter (3), InTouch Machine Edition (2), InduSoft Web Studio (10), InsightFacility (1), InsightHome (1), Interactive Graphical SCADA System (7), Interactive Graphical SCADA System Data Collector (6), Interactive Graphical SCADA System Data Server (8), Kerweb (1), LANDAC II-2 (1), Legacy Modicon Premium (1), Legacy Modicon Quantum (3), Legacy Offers Modicon Quantum (1), Magelis (2), Magelis XBT HMI (1), Magelis iPC (1), Merten KNX Device (1), MiCOM Px4x (1), MiCOM S1 Studio (1), Modbus Serial Driver (2), Modicon 140CRA (5), Modicon BMENOC 0311 (3), Modicon BMENOC 0321 (3), Modicon BMXNOC0401 (2), Modicon BMXNOE0100 (2), Modicon BMXNOE0110 (2), Modicon BMXNOE0110H (2), Modicon BMXNOR0200H (2), Modicon BMXP342020 (2), Modicon BMXP342020H (2), Modicon BMXP342030 (2), Modicon BMXP342030H (2), Modicon BMXP3420302 (2), Modicon BMXP3420302H (2), Modicon BMxCRA (5), Modicon LMC058 (1), Modicon LMC078 (1), Modicon M100 (1), Modicon M200 (1), Modicon M218 Logic Controller (3), Modicon M221 (12), Modicon M241 (5), Modicon M251 (5), Modicon M258 (2), Modicon M340 (59), Modicon M340 BMX (1), Modicon M340 CPU (15), Modicon M340 Communication Module (1), Modicon M340 X80 Ethernet Communication Module (4), Modicon M580 (41), Modicon M580 CPU (10), Modicon M580 CPU Safety (3), Modicon MC80 (7), Modicon Managed Switch MCSESM (1), Modicon Managed Switch MCSESP (1), Modicon Modbus Protocol (1), Modicon Momentum Ethernet CPU (4), Modicon Momentum MDI (2), Modicon Momentum Unity M1E Processor (1), Modicon PLC (3), Modicon PLC Ethernet module (1), Modicon Premium (41), Modicon Premium (2), Modicon Premium CPU (5), Modicon Premium Communication Module (4), ModiconPremium Legacy (1), Modicon Premium Legacy (3), Modicon Premium Processor (3), Modicon Quantum (45), Modicon Quantum 140 NOE771x1 (1), Modicon Quantum CPU (5), Modicon Quantum Communication Module (4), Modicon Quantum PLC (7), Modicon Quantum Plc (2), Modicon Quantum Processor (3), Modicon TM221CE16R (2), Modicon X80 BMXNOR0200H RTU (1), NMC2 AOS (6), NMC3 AOS (6), NetBotz (3), OFS (1), OPC Factory Server (2), OPC UA Modicon Communication Module (7), Opc Factory Server Tlxcdstofs (1), PLC Simulator for EcoStruxure (3), PM5XXX (2), PacDrive Eco (1), PacDrive Pro (1), PacDrive Pro2 (1), Pelco DS-NV (1), Pelco Digital Sentry Video Management System (1), Pelco Endura NET55XX Encoder (1), Pelco Sarix Professional (15), Pelco VideoXpert Enterprise (3), PowerChute Business Edition (1), PowerLogic (2), PowerLogic EGX100 (6), PowerLogic EGX300 (6), PowerLogic HDPM6000 (1), PowerLogic ION73xx (1), PowerLogic ION83xx (4), PowerLogic ION84xx (4), PowerLogic ION85xx (4), PowerLogic ION7400 (4), PowerLogic ION7650 (4), PowerLogic ION7700 (1), PowerLogic ION8600 (4), PowerLogic ION8650 (4), PowerLogic ION8800 (4), PowerLogic ION9000 (4), PowerLogic PM8ECC (4), PowerLogic PM55xx (2), PowerLogic PM800 (3), PowerLogic PM5560 (1), PowerLogic PM8000 (1), Power Monitoring Expert (1), PowerSCADA Anywhere (5), Power SCADA Operation (1), PowerTag (1), Premium CPU (1), Pro-Face GP Pro EX (1), Pro-face BLUE (1), ProClima (7), Programmable Logic Controller (1), Quantum Ethernet Module 140noe77100 (2), Ritto Wiser Door (1), SCADA Expert ClearSCADA (4), SCADAPack 7x Remote Connect (4), SCADAPack 312E (1), SCADAPack 313E (1), SCADAPack 314E (1), SCADAPack 330E (1), SCADAPack 333E (1), SCADAPack 334E (1), SCADAPack 337E (1), SCADAPack 350E (1), SCADAPack 357E (1), SCADAPack RemoteConnect for x70 (6), SCADAPack Workbench (1), SCADAPack x70 Security Administrator (1), SCADA Software (1), SCL (3), SFAPV9601 APC Easy UPS On-Line Software (2), SMC (2), SMT (3), SMTL (2), SMX (3), SRT (1), SmartStruxure (3), Smartlink (1), SoMachine (1), SoMachine Basic (5), SoMachine HVAC (5), SoMove (1), SoMove Software (1), SoSafe Configurable (1), Software Update (3), Software Update SUT Service (1), Software Update Utility (1), SpaceLogic C-Bus Application Controller (2), SpaceLogic C-Bus Home Controller (1), SpaceLogic C-Bus Network Automation Controller (2), Stb Dio Ethernet Module Stbnic2212 (1), StruxureOn Gateway (1), StruxureWare Building Expert MPM (1), StruxureWare Data Center (4), StruxureWare Data Center Expert (11), Struxureware Building Operations Automation Server (1), TCM (1), Tableau Desktop (1), Tableau Server (1), Tburjr900 (1), Telemecanique Driver Pack (1), Telvent Sage (1), Telvent Sage 3030 (1), Touch Panel (2), TriStation (2), TriStation 1131 (1), Triconex Model 3009 MP (5), Triconex TCM 4351B (1), Triconex Tricon MP 3008 (2), U.motion Builder (26), U.motion Server (8), Unity Pro (4), VAMPSET (3), Vijeo Citect (1), Vijeo Designer (3), Vijeo Designer Basic (3), Wiser Series Gateway (1), Wiser Smart (7), Wiser for C-Bus Automation Controller (2), Wiser for KNX (8), Wonderware ArchestrA Logger (3), Wonderware Historian (1), Wonderware Historian Client (1), Wonderware InTouch (3), Wonderware InTouch Access Anywhere Server (1), Wonderware System Platform (1), X80 Advanced RTU Communication Module (7), ZelioSoft2 (1), fellerLYnk (5), homeLYnk (10), spaceLYnk (15)

Link to Vendor Website: https://www.schneider-electric.com/

Published	Base	Temp	Vulnerability	Prod	Exp	Rem	CTI	EPSS	CVE
08/09/2023	5.3	5.2	Schneider Electric GP-Pro EX WinGP Log File memory corruption	SCADA Software	Not Defined	Official Fix	0.03	0.00044	CVE-2023-3953
07/12/2023	7.8	7.6	Schneider Electric Accutech Manager buffer overflow	SCADA Software	Not Defined	Official Fix	0.03	0.00045	CVE-2023-29414
07/12/2023	5.4	5.3	Schneider Electric EcoStruxure OPC UA Server Expert Project File xml external entity reference	SCADA Software	Not Defined	Official Fix	0.03	0.00052	CVE-2023-37200
07/12/2023	7.1	7.0	Schneider Electric StruxureWare Data Center DCE code injection	SCADA Software	Not Defined	Official Fix	0.00	0.00084	CVE-2023-37199
07/12/2023	7.5	7.4	Schneider Electric StruxureWare Data Center DCE sql injection	SCADA Software	Not Defined	Official Fix	0.00	0.00050	CVE-2023-37197
07/12/2023	7.5	7.4	Schneider Electric StruxureWare Data Center DCE sql injection	SCADA Software	Not Defined	Official Fix	0.00	0.00050	CVE-2023-37196
07/12/2023	6.9	6.8	Schneider Electric StruxureWare Data Center DCE Upload code injection	SCADA Software	Not Defined	Official Fix	0.00	0.00084	CVE-2023-37198
06/14/2023	6.5	6.4	Schneider Electric EcoStruxure Operator Terminal Expert/Pro-face BLUE Project File code injection	SCADA Software	Not Defined	Official Fix	0.00	0.00045	CVE-2023-1049
06/14/2023	7.0	6.8	Schneider Electric EcoStruxure Foxboro DCS Control Core Services Foxboro.sys array index	SCADA Software	Not Defined	Official Fix	0.03	0.00045	CVE-2023-2570
06/14/2023	7.8	7.6	Schneider Electric EcoStruxure Foxboro DCS Control Core Services Foxboro.sys out-of-bounds write	SCADA Software	Not Defined	Official Fix	0.00	0.00045	CVE-2023-2569
06/14/2023	7.8	7.6	Schneider Electric IGSS Dashboard Dashboard Module DashBoard.exe deserialization	SCADA Software	Not Defined	Official Fix	0.03	0.00102	CVE-2023-3001
05/22/2023	7.4	7.4	Schneider Electric PowerLogic cleartext transmission	SCADA Software	Not Defined	Official Fix	0.04	0.00107	CVE-2022-46680
05/16/2023	4.6	4.6	Schneider Electric OPC Factory Server Configuration File xml external entity reference	SCADA Software	Not Defined	Official Fix	0.07	0.00042	CVE-2023-2161
04/19/2023	6.5	6.3	Schneider Electric Modicon PLC Project File unusual condition	SCADA Software	Not Defined	Official Fix	0.04	0.00044	CVE-2023-25620
04/19/2023	7.5	7.3	Schneider Electric Modicon PLC Modbus TCP Protocol unusual condition	SCADA Software	Not Defined	Official Fix	0.03	0.00046	CVE-2023-25619
04/19/2023	4.9	4.8	Schneider Electric StruxureWare Data Center Expert DCE File Upload cross site scripting	SCADA Software	Not Defined	Official Fix	0.03	0.00046	CVE-2023-25551
04/19/2023	7.8	7.6	Schneider Electric StruxureWare Data Center Expert os command injection	SCADA Software	Not Defined	Official Fix	0.00	0.00045	CVE-2023-25554
04/19/2023	7.7	7.6	Schneider Electric Conext Gateway/ InsightHome/InsightFacility HTTP input validation	SCADA Software	Not Defined	Official Fix	0.04	0.00048	CVE-2023-29410
04/19/2023	7.5	7.4	Schneider Electric EcoStruxure Power Monitoring Expert session expiration	SCADA Software	Not Defined	Official Fix	0.03	0.00091	CVE-2023-28003
04/19/2023	7.0	6.9	Schneider Electric StruxureWare Data Center Expert os command injection	SCADA Software	Not Defined	Official Fix	0.07	0.00068	CVE-2023-25555
04/19/2023	8.5	8.3	Schneider Electric StruxureWare Data Center Expert DCE Endpoint authorization	SCADA Software	Not Defined	Official Fix	0.00	0.00050	CVE-2023-25552
04/19/2023	8.0	7.9	Schneider Electric StruxureWare Data Center Expert DCE Endpoint authorization	SCADA Software	Not Defined	Official Fix	0.04	0.00049	CVE-2023-25548
04/19/2023	5.9	5.8	Schneider Electric NetBotz improper restriction of rendered ui layers	SCADA Software	Not Defined	Official Fix	0.04	0.00048	CVE-2022-43378
04/19/2023	9.3	9.1	Schneider Electric PowerLogic HDPM6000 Ethernet Request array index	SCADA Software	Not Defined	Official Fix	0.09	0.00237	CVE-2023-28004
04/19/2023	8.1	8.0	Schneider Electric StruxureWare Data Center Expert code injection	SCADA Software	Not Defined	Official Fix	0.04	0.00245	CVE-2023-25550

613 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 613 results.

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!