Schneider Electric Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Schneider Electric Modicon M34060
Schneider Electric Modicon Quantum45
Schneider Electric Modicon Premium41
Schneider Electric Modicon M58041
Schneider Electric U.motion Builder26

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix339
Temporary Fix0
Workaround17
Unavailable3
Not Defined313

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High2
Functional0
Proof-of-Concept11
Unproven2
Not Defined657

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical8
Local80
Adjacent103
Network481

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High30
Low236
None406

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required127
None545

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤10
≤20
≤36
≤454
≤558
≤6122
≤7193
≤8126
≤977
≤1036

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤311
≤449
≤561
≤6153
≤7185
≤8105
≤972
≤1036

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤319
≤480
≤585
≤6170
≤7113
≤8146
≤924
≤1035

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤42
≤514
≤632
≤735
≤8138
≤946
≤1077

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤41
≤55
≤620
≤729
≤843
≤926
≤1023

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k139
<2k306
<5k226
<10k0
<25k1
<50k0
<100k0
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k645
<2k26
<5k1
<10k0
<25k0
<50k0
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (342): 140CRA312xxx (1), 66074 MGE Network Management Card (4), AP7xxxx (1), AP8xxx (1), APC Easy UPS Online (7), APDU9xxx (1), ATV IMC Drive Controller (1), AccuSine PCS+ (1), AccuSine PCSn (1), AccuSine PFV+ (1), Accutech Manager (2), Acti9 PowerTag Link C (1), Ampla MES (2), Andover Continuum (4), BMX-NOR-0200H (1), BMXNOR0200 (6), BMXNOR0200H Ethernet-Serial RTU Module (1), BMXNOR0200H Ethernet Serial RTU Module (2), BMxCRA312xx (1), C-Bus Network Automation Controller (2), C-Bus Toolkit (10), C-Gate Server (1), CanBRASS (1), CitectSCADA (4), Citectscada Reports (4), ClearSCADA (9), Clipsal C-Bus Network Automation Controller (2), Clipsal Wiser for C-Bus Automation Controller (2), Conext ComBox (4), Conext ComBox 865-1058 (1), Conext Gateway (1), ConneXium (1), ConneXium Network Manager (1), ConneXium Tofino Firewall (4), ConneXium Tofino OPCLSM (2), Cove (1), Custom Reports (8), Cybersecurity Admin Expert (1), Data Center Expert (4), Device Type Manager (1), EER21000 (6), EER21001 (6), ETG3000 (2), EVlink City (14), EVlink City EVC1S7P4 (7), EVlink City EVC1S22P4 (7), EVlink Home Smart (1), EVlink Parking (14), EVlink Parking EVF2 (7), EVlink Parking EVP2PE (7), EVlink Parking EVW2 (7), EVlink Smart Wallbox (14), EVlink Smart Wallbox EVB1A (7), Easergy Builder Installer (1), Easergy P3 (1), Easergy P5 (5), Easergy P40 (1), Easergy Studio (2), Easergy T200 (4), Easergy T200E (3), Easergy T200H (3), Easergy T200I (3), Easergy T200P (3), Easergy T200S (3), Easergy T300 (18), Easergy T300 RTU (1), Easy UPS Online Monitoring Software (1), EcoStruxure (3), EcoStruxure Building Operation Enterprise Server Installer (1), EcoStruxure Building Operation WebReports (5), EcoStruxure Building Operation WebStation (1), EcoStruxure Control Expert (23), EcoStruxure Cybersecurity Admin Expert (1), EcoStruxure EV Charging Expert (2), EcoStruxure Enterprise Central Installer (1), EcoStruxure Foxboro DCS Control Core Services (2), EcoStruxure Geo SCADA Expert (7), EcoStruxure Geo SCADA Expert 2019 (4), EcoStruxure Geo SCADA Expert 2020 (4), EcoStruxure Geo SCADA Expert 2021 (3), EcoStruxure Hybrid DCS (1), EcoStruxure IT Gateway (1), EcoStruxure Machine Expert (3), EcoStruxure OPC UA Server Expert (1), EcoStruxure Operator Terminal Expert (13), EcoStruxure Power Build Rapsody (2), EcoStruxure Power Commission (4), EcoStruxure Power Design (1), EcoStruxure Power Monitoring Expert (11), EcoStruxure Power Operation (2), EcoStruxure Power SCADA Operation (2), EcoStruxure Pro-face BLUE (6), EcoStruxure Process Expert (13), Enerlin'X Com'X 510 (1), Evlink Charging Station (1), FlexNet Publisher (1), Floating License Manager (1), GP-Pro EX (1), GP-Pro EX WinGP (1), GUIcon (6), Galaxy VL (1), Galaxy VS (1), Geo SCADA Mobile (1), HMI Panel HMIGTO (1), HMI Panel HMIGTU (1), HMI Panel HMIGTUX (1), HMI Panel HMIGXO (1), HMI Panel HMIGXU (1), HMI Panel HMISCU (1), HMI Panel HMISTO (1), HMI Panel HMISTU (1), HMI Panel XBTGH (1), HMI Panel XBTGT (2), Harmony (1), Harmony Control Relay RMNF22TB30 (1), Harmony Timer Relay RENF22R2MMW (1), IGSS Dashboard (9), IGSS Data Server (18), IGSS Definition (22), IGSS Mobile Application (2), IGSS Update Service (1), IMT25 Magnetic Flow DTM (1), ION73XX (2), ION75XX (2), ION76XX (2), ION8650 (4), ION8800 (4), IOS Smart Meter (3), InTouch Machine Edition (2), InduSoft Web Studio (10), InsightFacility (1), InsightHome (1), Interactive Graphical SCADA System (7), Interactive Graphical SCADA System Data Collector (6), Interactive Graphical SCADA System Data Server (8), Kerweb (1), LANDAC II-2 (1), Legacy Modicon Premium (1), Legacy Modicon Quantum (3), Legacy Offers Modicon Quantum (1), Magelis (2), Magelis XBT HMI (1), Magelis iPC (1), Merten KNX Device (1), MiCOM Px4x (1), MiCOM S1 Studio (1), Modbus Serial Driver (2), Modicon 140CRA (5), Modicon BMENOC 0311 (3), Modicon BMENOC 0321 (3), Modicon BMXNOC0401 (2), Modicon BMXNOE0100 (2), Modicon BMXNOE0110 (2), Modicon BMXNOE0110H (2), Modicon BMXNOR0200H (2), Modicon BMXP342020 (2), Modicon BMXP342020H (2), Modicon BMXP342030 (2), Modicon BMXP342030H (2), Modicon BMXP3420302 (2), Modicon BMXP3420302H (2), Modicon BMxCRA (5), Modicon LMC058 (1), Modicon LMC078 (1), Modicon M100 (1), Modicon M200 (1), Modicon M218 Logic Controller (3), Modicon M221 (12), Modicon M241 (5), Modicon M251 (5), Modicon M258 (2), Modicon M340 (60), Modicon M340 BMX (1), Modicon M340 CPU (16), Modicon M340 Communication Module (1), Modicon M340 X80 Ethernet Communication Module (4), Modicon M580 (41), Modicon M580 CPU (11), Modicon M580 CPU Safety (4), Modicon MC80 (7), Modicon Managed Switch MCSESM (1), Modicon Managed Switch MCSESP (1), Modicon Modbus Protocol (1), Modicon Momentum Ethernet CPU (4), Modicon Momentum MDI (2), Modicon Momentum Unity M1E Processor (1), Modicon PLC (3), Modicon PLC Ethernet module (1), Modicon Premium (41), Modicon Premium (2), Modicon Premium CPU (5), Modicon Premium Communication Module (4), ModiconPremium Legacy (1), Modicon Premium Legacy (3), Modicon Premium Processor (3), Modicon Quantum (45), Modicon Quantum 140 NOE771x1 (1), Modicon Quantum CPU (5), Modicon Quantum Communication Module (4), Modicon Quantum PLC (7), Modicon Quantum Plc (2), Modicon Quantum Processor (3), Modicon TM221CE16R (2), Modicon X80 BMXNOR0200H RTU (1), NMC2 AOS (6), NMC3 AOS (6), NetBotz (3), OFS (1), OPC Factory Server (2), OPC UA Modicon Communication Module (7), Opc Factory Server Tlxcdstofs (1), PLC Simulator for EcoStruxure (3), PM5XXX (2), PacDrive Eco (1), PacDrive Pro (1), PacDrive Pro2 (1), Pelco DS-NV (1), Pelco Digital Sentry Video Management System (1), Pelco Endura NET55XX Encoder (1), Pelco Sarix Professional (15), Pelco VideoXpert Enterprise (3), PowerChute Business Edition (1), PowerLogic (2), PowerLogic EGX100 (6), PowerLogic EGX300 (6), PowerLogic HDPM6000 (1), PowerLogic ION73xx (1), PowerLogic ION83xx (4), PowerLogic ION84xx (4), PowerLogic ION85xx (4), PowerLogic ION7400 (4), PowerLogic ION7650 (4), PowerLogic ION7700 (1), PowerLogic ION8600 (4), PowerLogic ION8650 (4), PowerLogic ION8800 (4), PowerLogic ION9000 (4), PowerLogic P5 (1), PowerLogic PM8ECC (4), PowerLogic PM55xx (2), PowerLogic PM800 (3), PowerLogic PM5560 (1), PowerLogic PM8000 (1), Power Monitoring Expert (1), PowerSCADA Anywhere (5), Power SCADA Operation (1), PowerTag (1), Premium CPU (1), Pro-Face GP Pro EX (1), Pro-face BLUE (1), ProClima (7), Programmable Logic Controller (1), Quantum Ethernet Module 140noe77100 (2), Ritto Wiser Door (1), SCADA Expert ClearSCADA (4), SCADAPack 7x Remote Connect (4), SCADAPack 312E (1), SCADAPack 313E (1), SCADAPack 314E (1), SCADAPack 330E (1), SCADAPack 333E (1), SCADAPack 334E (1), SCADAPack 337E (1), SCADAPack 350E (1), SCADAPack 357E (1), SCADAPack RemoteConnect for x70 (6), SCADAPack Workbench (1), SCADAPack x70 Security Administrator (1), SCADA Software (1), SCL (3), SFAPV9601 APC Easy UPS On-Line Software (2), SMC (2), SMT (3), SMTL (2), SMX (3), SRT (1), Sage 1410 (6), Sage 1430 (6), Sage 1450 (6), Sage 2400 (6), Sage 3030 Magnum (6), Sage 4400 (6), SmartStruxure (3), Smartlink (1), SoMachine (1), SoMachine Basic (5), SoMachine HVAC (5), SoMove (1), SoMove Software (1), SoSafe Configurable (1), Software Update (3), Software Update SUT Service (1), Software Update Utility (1), SpaceLogic AS-B (2), SpaceLogic AS-P (2), SpaceLogic C-Bus Application Controller (2), SpaceLogic C-Bus Home Controller (1), SpaceLogic C-Bus Network Automation Controller (2), Stb Dio Ethernet Module Stbnic2212 (1), StruxureOn Gateway (1), StruxureWare Building Expert MPM (1), StruxureWare Data Center (4), StruxureWare Data Center Expert (11), Struxureware Building Operations Automation Server (1), TCM (1), Tableau Desktop (1), Tableau Server (1), Tburjr900 (1), Telemecanique Driver Pack (1), Telvent Sage (1), Telvent Sage 3030 (1), Touch Panel (2), TriStation (2), TriStation 1131 (1), Triconex Model 3009 MP (5), Triconex TCM 4351B (1), Triconex Tricon MP 3008 (2), Trio E-Series Ethernet Data Radio (2), Trio J-Series Ethernet Data Radio (2), Trio Q-Series Ethernet Data Radio (2), U.motion Builder (26), U.motion Server (8), Unity Pro (4), VAMPSET (3), Vijeo Citect (1), Vijeo Designer (3), Vijeo Designer Basic (3), Wiser Series Gateway (1), Wiser Smart (7), Wiser for C-Bus Automation Controller (2), Wiser for KNX (8), Wonderware ArchestrA Logger (3), Wonderware Historian (1), Wonderware Historian Client (1), Wonderware InTouch (3), Wonderware InTouch Access Anywhere Server (1), Wonderware System Platform (1), X80 Advanced RTU Communication Module (7), ZelioSoft2 (1), fellerLYnk (5), homeLYnk (10), spaceLYnk (15)

Link to Vendor Website: https://www.schneider-electric.com/

PublishedBaseTempVulnerabilityProdExpRemEPSSCTICVE
06/12/20245.95.8Schneider Electric Sage 4400 HTTP Request return valueSCADA SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-37039
06/12/20245.35.2Schneider Electric Sage 4400 HTTP Request out-of-boundsSCADA SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-5560
06/12/20249.89.6Schneider Electric Sage 4400 POST Request out-of-bounds writeSCADA SoftwareNot DefinedOfficial Fix0.000430.02CVE-2024-37036
06/12/20245.25.1Schneider Electric PowerLogic P5 Reset Token risky encryptionSCADA SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-5559
06/12/20247.87.6Schneider Electric Easergy Studio unquoted search pathSCADA SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-2747
06/12/20245.95.7Schneider Electric Sage 4400 Web Interface buffer overflowSCADA SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-37040
06/12/20247.57.3Schneider Electric Sage 4400 Web Interface default permissionSCADA SoftwareNot DefinedOfficial Fix0.000430.03CVE-2024-37038
06/12/20247.27.0Schneider Electric Sage 4400 HTTP Request path traversalSCADA SoftwareNot DefinedOfficial Fix0.000440.06CVE-2024-37037
06/12/20243.43.4Schneider Electric SpaceLogic AS-P/SpaceLogic AS-B SNMP Credentials log fileSCADA SoftwareNot DefinedOfficial Fix0.000430.00CVE-2024-5557
06/12/20246.46.2Schneider Electric SpaceLogic AS-P/SpaceLogic AS-B toctouSCADA SoftwareNot DefinedOfficial Fix0.000430.05CVE-2024-5558
06/12/20245.95.8Schneider Electric EVlink Home Smart SSH Interface exposure of resourceSCADA SoftwareNot DefinedOfficial Fix0.000430.06CVE-2024-5313
06/12/20246.56.5Schneider Electric Modicon M340 file accessSCADA SoftwareNot DefinedNot Defined0.000430.06CVE-2024-5056
03/18/20246.26.1Schneider Electric Easergy T200 cross site scriptingSCADA SoftwareNot DefinedOfficial Fix0.000430.05CVE-2024-2050
03/18/20246.46.3Schneider Electric Easergy T200 file accessSCADA SoftwareNot DefinedOfficial Fix0.000430.03CVE-2024-2052
03/18/20246.76.7Schneider Electric Easergy T200 excessive authenticationSCADA SoftwareNot DefinedOfficial Fix0.000430.04CVE-2024-2051
03/12/20248.38.3Schneider Electric EcoStruxure Power Design Project File deserializationSCADA SoftwareNot DefinedNot Defined0.000650.03CVE-2024-2229
02/21/20247.87.5Schneider Electric EcoStruxure IT Gateway hard-coded credentialsSCADA SoftwareNot DefinedOfficial Fix0.000650.06CVE-2024-0865
02/14/20248.88.6Schneider Electric Harmony Control Relay RMNF22TB30 NFC improper authenticationSCADA SoftwareNot DefinedOfficial Fix0.000430.04CVE-2024-0568
02/14/20246.56.4Schneider Electric EcoStruxure Control Expert Project File hard-coded credentialsSCADA SoftwareNot DefinedOfficial Fix0.000430.03CVE-2023-6409
02/14/20246.26.1Schneider Electric EcoStruxure Control Expert Project File insufficiently protected credentialsSCADA SoftwareNot DefinedOfficial Fix0.000430.04CVE-2023-27975
02/14/20248.17.9Schneider Electric Modicon M340 CPU message integritySCADA SoftwareNot DefinedOfficial Fix0.000430.04CVE-2023-6408
01/09/20247.87.6Schneider Electric Easergy Studio deserializationSCADA SoftwareNot DefinedOfficial Fix0.000460.05CVE-2023-7032
12/14/20236.26.1Schneider Electric Trio Q-Series Ethernet Data Radio code downloadSCADA SoftwareNot DefinedOfficial Fix0.000460.03CVE-2023-5630
12/14/20236.26.1Schneider Electric Trio Q-Series Ethernet Data Radio redirectSCADA SoftwareNot DefinedOfficial Fix0.000460.00CVE-2023-5629
12/12/20235.95.8Schneider Electric Easy UPS Online Monitoring Software path traversalSCADA SoftwareNot DefinedOfficial Fix0.000930.00CVE-2023-6407

647 more entries are not shown

Want to stay up to date on a daily basis?

Enable the mail alert feature now!