Schneider Electric Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

Schneider Electric Modicon M340 (59)
Schneider Electric Modicon Quantum (45)
Schneider Electric Modicon Premium (41)
Schneider Electric Modicon M580 (41)
Schneider Electric U.motion Builder (26)

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix (307)
Temporary Fix (0)
Workaround (17)
Unavailable (3)
Not Defined (311)

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risks differently.

Exploitability

High (2)
Functional (0)
Proof-of-Concept (11)
Unproven (2)
Not Defined (623)

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined (0)
Physical (7)
Local (71)
Adjacent (101)
Network (459)

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication

Not Defined (0)
High (25)
Low (225)
None (388)

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined (0)
Required (121)
None (517)

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤1 (0)
≤2 (0)
≤3 (6)
≤4 (52)
≤5 (58)
≤6 (114)
≤7 (182)
≤8 (121)
≤9 (72)
≤10 (33)

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1 (0)
≤2 (0)
≤3 (11)
≤4 (47)
≤5 (61)
≤6 (146)
≤7 (172)
≤8 (100)
≤9 (68)
≤10 (33)

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1 (0)
≤2 (0)
≤3 (17)
≤4 (79)
≤5 (80)
≤6 (162)
≤7 (109)
≤8 (138)
≤9 (21)
≤10 (32)

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1 (0)
≤2 (0)
≤3 (0)
≤4 (2)
≤5 (12)
≤6 (32)
≤7 (33)
≤8 (137)
≤9 (46)
≤10 (76)

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1 (0)
≤2 (0)
≤3 (0)
≤4 (1)
≤5 (3)
≤6 (15)
≤7 (23)
≤8 (34)
≤9 (20)
≤10 (18)

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1 (0)
≤2 (0)
≤3 (0)
≤4 (0)
≤5 (0)
≤6 (0)
≤7 (0)
≤8 (0)
≤9 (0)
≤10 (0)

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1 (0)
≤2 (0)
≤3 (0)
≤4 (0)
≤5 (0)
≤6 (0)
≤7 (0)
≤8 (0)
≤9 (0)
≤10 (0)

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k (145)
<2k (263)
<5k (229)
<10k (0)
<25k (1)
<50k (0)
<100k (0)
≥100k (0)

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it gets distributed or becomes public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today

<1k (605)
<2k (29)
<5k (4)
<10k (0)
<25k (0)
<50k (0)
<100k (0)
≥100k (0)

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified by whether they are offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (313): 140CRA312xxx (1), 66074 MGE Network Management Card (4), AP7xxxx (1), AP8xxx (1), APC Easy UPS Online (7), APDU9xxx (1), ATV IMC Drive Controller (1), AccuSine PCS+ (1), AccuSine PCSn (1), AccuSine PFV+ (1), Accutech Manager (2), Acti9 PowerTag Link C (1), Ampla MES (2), Andover Continuum (4), BMX-NOR-0200H (1), BMXNOR0200 (6), BMXNOR0200H Ethernet-Serial RTU Module (1), BMXNOR0200H Ethernet Serial RTU Module (2), BMxCRA312xx (1), C-Bus Network Automation Controller (2), C-Bus Toolkit (8), C-Gate Server (1), CanBRASS (1), CitectSCADA (4), Citectscada Reports (4), ClearSCADA (9), Clipsal C-Bus Network Automation Controller (2), Clipsal Wiser for C-Bus Automation Controller (2), Conext ComBox (4), Conext ComBox 865-1058 (1), Conext Gateway (1), ConneXium (1), ConneXium Network Manager (1), ConneXium Tofino Firewall (4), ConneXium Tofino OPCLSM (2), Cove (1), Custom Reports (8), Cybersecurity Admin Expert (1), Data Center Expert (4), Device Type Manager (1), EER21000 (6), EER21001 (6), ETG3000 (2), EVlink City (14), EVlink City EVC1S7P4 (7), EVlink City EVC1S22P4 (7), EVlink Parking (14), EVlink Parking EVF2 (7), EVlink Parking EVP2PE (7), EVlink Parking EVW2 (7), EVlink Smart Wallbox (14), EVlink Smart Wallbox EVB1A (7), Easergy Builder Installer (1), Easergy P3 (1), Easergy P5 (5), Easergy P40 (1), Easergy T200 (1), Easergy T300 (18), Easergy T300 RTU (1), EcoStruxure (3), EcoStruxure Building Operation Enterprise Server Installer (1), EcoStruxure Building Operation WebReports (5), EcoStruxure Building Operation WebStation (1), EcoStruxure Control Expert (20), EcoStruxure Cybersecurity Admin Expert (1), EcoStruxure EV Charging Expert (2), EcoStruxure Enterprise Central Installer (1), EcoStruxure Foxboro DCS Control Core Services (2), EcoStruxure Geo SCADA Expert (7), EcoStruxure Geo SCADA Expert 2019 (4), EcoStruxure Geo SCADA Expert 2020 (4), EcoStruxure Geo SCADA Expert 2021 (3), EcoStruxure Hybrid DCS (1), EcoStruxure Machine Expert (3), 
EcoStruxure OPC UA Server Expert (1), EcoStruxure Operator Terminal Expert (13), EcoStruxure Power Build Rapsody (2), EcoStruxure Power Commission (4), EcoStruxure Power Monitoring Expert (8), EcoStruxure Pro-face BLUE (6), EcoStruxure Process Expert (10), Enerlin'X Com'X 510 (1), Evlink Charging Station (1), FlexNet Publisher (1), Floating License Manager (1), GP-Pro EX (1), GP-Pro EX WinGP (1), GUIcon (6), Geo SCADA Mobile (1), HMI Panel HMIGTO (1), HMI Panel HMIGTU (1), HMI Panel HMIGTUX (1), HMI Panel HMIGXO (1), HMI Panel HMIGXU (1), HMI Panel HMISCU (1), HMI Panel HMISTO (1), HMI Panel HMISTU (1), HMI Panel XBTGH (1), HMI Panel XBTGT (2), Harmony (1), IGSS Dashboard (9), IGSS Data Server (18), IGSS Definition (22), IGSS Mobile Application (2), IMT25 Magnetic Flow DTM (1), ION73XX (2), ION75XX (2), ION76XX (2), ION8650 (2), ION8800 (2), IOS Smart Meter (3), InTouch Machine Edition (2), InduSoft Web Studio (10), InsightFacility (1), InsightHome (1), Interactive Graphical SCADA System (7), Interactive Graphical SCADA System Data Collector (6), Interactive Graphical SCADA System Data Server (8), Kerweb (1), LANDAC II-2 (1), Legacy Modicon Premium (1), Legacy Modicon Quantum (3), Legacy Offers Modicon Quantum (1), Magelis (2), Magelis XBT HMI (1), Magelis iPC (1), Merten KNX Device (1), MiCOM Px4x (1), MiCOM S1 Studio (1), Modbus Serial Driver (2), Modicon 140CRA (5), Modicon BMENOC 0311 (3), Modicon BMENOC 0321 (3), Modicon BMXNOC0401 (2), Modicon BMXNOE0100 (2), Modicon BMXNOE0110 (2), Modicon BMXNOE0110H (2), Modicon BMXNOR0200H (2), Modicon BMXP342020 (2), Modicon BMXP342020H (2), Modicon BMXP342030 (2), Modicon BMXP342030H (2), Modicon BMXP3420302 (2), Modicon BMXP3420302H (2), Modicon BMxCRA (5), Modicon LMC058 (1), Modicon LMC078 (1), Modicon M100 (1), Modicon M200 (1), Modicon M218 Logic Controller (3), Modicon M221 (12), Modicon M241 (5), Modicon M251 (5), Modicon M258 (2), Modicon M340 (59), Modicon M340 BMX (1), Modicon M340 CPU (15), Modicon M340 
Communication Module (1), Modicon M340 X80 Ethernet Communication Module (4), Modicon M580 (41), Modicon M580 CPU (10), Modicon M580 CPU Safety (3), Modicon MC80 (7), Modicon Managed Switch MCSESM (1), Modicon Managed Switch MCSESP (1), Modicon Modbus Protocol (1), Modicon Momentum Ethernet CPU (4), Modicon Momentum MDI (2), Modicon Momentum Unity M1E Processor (1), Modicon PLC (3), Modicon PLC Ethernet module (1), Modicon Premium (41), Modicon Premium (2), Modicon Premium CPU (5), Modicon Premium Communication Module (4), ModiconPremium Legacy (1), Modicon Premium Legacy (3), Modicon Premium Processor (3), Modicon Quantum (45), Modicon Quantum 140 NOE771x1 (1), Modicon Quantum CPU (5), Modicon Quantum Communication Module (4), Modicon Quantum PLC (7), Modicon Quantum Plc (2), Modicon Quantum Processor (3), Modicon TM221CE16R (2), Modicon X80 BMXNOR0200H RTU (1), NMC2 AOS (6), NMC3 AOS (6), NetBotz (3), OFS (1), OPC Factory Server (2), OPC UA Modicon Communication Module (7), Opc Factory Server Tlxcdstofs (1), PLC Simulator for EcoStruxure (3), PM5XXX (2), PacDrive Eco (1), PacDrive Pro (1), PacDrive Pro2 (1), Pelco DS-NV (1), Pelco Digital Sentry Video Management System (1), Pelco Endura NET55XX Encoder (1), Pelco Sarix Professional (15), Pelco VideoXpert Enterprise (3), PowerChute Business Edition (1), PowerLogic (2), PowerLogic EGX100 (6), PowerLogic EGX300 (6), PowerLogic HDPM6000 (1), PowerLogic ION73xx (1), PowerLogic ION83xx (4), PowerLogic ION84xx (4), PowerLogic ION85xx (4), PowerLogic ION7400 (4), PowerLogic ION7650 (4), PowerLogic ION7700 (1), PowerLogic ION8600 (4), PowerLogic ION8650 (4), PowerLogic ION8800 (4), PowerLogic ION9000 (4), PowerLogic PM8ECC (4), PowerLogic PM55xx (2), PowerLogic PM800 (3), PowerLogic PM5560 (1), PowerLogic PM8000 (1), Power Monitoring Expert (1), PowerSCADA Anywhere (5), Power SCADA Operation (1), PowerTag (1), Premium CPU (1), Pro-Face GP Pro EX (1), Pro-face BLUE (1), ProClima (7), Programmable Logic Controller (1), 
Quantum Ethernet Module 140noe77100 (2), Ritto Wiser Door (1), SCADA Expert ClearSCADA (4), SCADAPack 7x Remote Connect (4), SCADAPack 312E (1), SCADAPack 313E (1), SCADAPack 314E (1), SCADAPack 330E (1), SCADAPack 333E (1), SCADAPack 334E (1), SCADAPack 337E (1), SCADAPack 350E (1), SCADAPack 357E (1), SCADAPack RemoteConnect for x70 (6), SCADAPack Workbench (1), SCADAPack x70 Security Administrator (1), SCADA Software (1), SCL (3), SFAPV9601 APC Easy UPS On-Line Software (2), SMC (2), SMT (3), SMTL (2), SMX (3), SRT (1), SmartStruxure (3), Smartlink (1), SoMachine (1), SoMachine Basic (5), SoMachine HVAC (5), SoMove (1), SoMove Software (1), SoSafe Configurable (1), Software Update (3), Software Update SUT Service (1), Software Update Utility (1), SpaceLogic C-Bus Application Controller (2), SpaceLogic C-Bus Home Controller (1), SpaceLogic C-Bus Network Automation Controller (2), Stb Dio Ethernet Module Stbnic2212 (1), StruxureOn Gateway (1), StruxureWare Building Expert MPM (1), StruxureWare Data Center (4), StruxureWare Data Center Expert (11), Struxureware Building Operations Automation Server (1), TCM (1), Tableau Desktop (1), Tableau Server (1), Tburjr900 (1), Telemecanique Driver Pack (1), Telvent Sage (1), Telvent Sage 3030 (1), Touch Panel (2), TriStation (2), TriStation 1131 (1), Triconex Model 3009 MP (5), Triconex TCM 4351B (1), Triconex Tricon MP 3008 (2), U.motion Builder (26), U.motion Server (8), Unity Pro (4), VAMPSET (3), Vijeo Citect (1), Vijeo Designer (3), Vijeo Designer Basic (3), Wiser Series Gateway (1), Wiser Smart (7), Wiser for C-Bus Automation Controller (2), Wiser for KNX (8), Wonderware ArchestrA Logger (3), Wonderware Historian (1), Wonderware Historian Client (1), Wonderware InTouch (3), Wonderware InTouch Access Anywhere Server (1), Wonderware System Platform (1), X80 Advanced RTU Communication Module (7), ZelioSoft2 (1), fellerLYnk (5), homeLYnk (10), spaceLYnk (15)

Link to Vendor Website: https://www.schneider-electric.com/

Published | Base | Temp | Vulnerability | Prod | Exp | Rem | CTI | EPSS | CVE
08/09/2023 | 5.3 | 5.2 | Schneider Electric GP-Pro EX WinGP Log File memory corruption | SCADA Software | Not Defined | Official Fix | 0.03 | 0.00044 | CVE-2023-3953
07/12/2023 | 7.8 | 7.6 | Schneider Electric Accutech Manager buffer overflow | SCADA Software | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2023-29414
07/12/2023 | 5.4 | 5.3 | Schneider Electric EcoStruxure OPC UA Server Expert Project File xml external entity reference | SCADA Software | Not Defined | Official Fix | 0.03 | 0.00052 | CVE-2023-37200
07/12/2023 | 7.1 | 7.0 | Schneider Electric StruxureWare Data Center DCE code injection | SCADA Software | Not Defined | Official Fix | 0.00 | 0.00084 | CVE-2023-37199
07/12/2023 | 7.5 | 7.4 | Schneider Electric StruxureWare Data Center DCE sql injection | SCADA Software | Not Defined | Official Fix | 0.00 | 0.00050 | CVE-2023-37197
07/12/2023 | 7.5 | 7.4 | Schneider Electric StruxureWare Data Center DCE sql injection | SCADA Software | Not Defined | Official Fix | 0.00 | 0.00050 | CVE-2023-37196
07/12/2023 | 6.9 | 6.8 | Schneider Electric StruxureWare Data Center DCE Upload code injection | SCADA Software | Not Defined | Official Fix | 0.00 | 0.00084 | CVE-2023-37198
06/14/2023 | 6.5 | 6.4 | Schneider Electric EcoStruxure Operator Terminal Expert/Pro-face BLUE Project File code injection | SCADA Software | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2023-1049
06/14/2023 | 7.0 | 6.8 | Schneider Electric EcoStruxure Foxboro DCS Control Core Services Foxboro.sys array index | SCADA Software | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2023-2570
06/14/2023 | 7.8 | 7.6 | Schneider Electric EcoStruxure Foxboro DCS Control Core Services Foxboro.sys out-of-bounds write | SCADA Software | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2023-2569
06/14/2023 | 7.8 | 7.6 | Schneider Electric IGSS Dashboard Dashboard Module DashBoard.exe deserialization | SCADA Software | Not Defined | Official Fix | 0.03 | 0.00102 | CVE-2023-3001
05/22/2023 | 7.4 | 7.4 | Schneider Electric PowerLogic cleartext transmission | SCADA Software | Not Defined | Official Fix | 0.04 | 0.00107 | CVE-2022-46680
05/16/2023 | 4.6 | 4.6 | Schneider Electric OPC Factory Server Configuration File xml external entity reference | SCADA Software | Not Defined | Official Fix | 0.07 | 0.00042 | CVE-2023-2161
04/19/2023 | 6.5 | 6.3 | Schneider Electric Modicon PLC Project File unusual condition | SCADA Software | Not Defined | Official Fix | 0.04 | 0.00044 | CVE-2023-25620
04/19/2023 | 7.5 | 7.3 | Schneider Electric Modicon PLC Modbus TCP Protocol unusual condition | SCADA Software | Not Defined | Official Fix | 0.03 | 0.00046 | CVE-2023-25619
04/19/2023 | 4.9 | 4.8 | Schneider Electric StruxureWare Data Center Expert DCE File Upload cross site scripting | SCADA Software | Not Defined | Official Fix | 0.03 | 0.00046 | CVE-2023-25551
04/19/2023 | 7.8 | 7.6 | Schneider Electric StruxureWare Data Center Expert os command injection | SCADA Software | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2023-25554
04/19/2023 | 7.7 | 7.6 | Schneider Electric Conext Gateway/InsightHome/InsightFacility HTTP input validation | SCADA Software | Not Defined | Official Fix | 0.04 | 0.00048 | CVE-2023-29410
04/19/2023 | 7.5 | 7.4 | Schneider Electric EcoStruxure Power Monitoring Expert session expiration | SCADA Software | Not Defined | Official Fix | 0.03 | 0.00091 | CVE-2023-28003
04/19/2023 | 7.0 | 6.9 | Schneider Electric StruxureWare Data Center Expert os command injection | SCADA Software | Not Defined | Official Fix | 0.07 | 0.00068 | CVE-2023-25555
04/19/2023 | 8.5 | 8.3 | Schneider Electric StruxureWare Data Center Expert DCE Endpoint authorization | SCADA Software | Not Defined | Official Fix | 0.00 | 0.00050 | CVE-2023-25552
04/19/2023 | 8.0 | 7.9 | Schneider Electric StruxureWare Data Center Expert DCE Endpoint authorization | SCADA Software | Not Defined | Official Fix | 0.04 | 0.00049 | CVE-2023-25548
04/19/2023 | 5.9 | 5.8 | Schneider Electric NetBotz improper restriction of rendered ui layers | SCADA Software | Not Defined | Official Fix | 0.04 | 0.00048 | CVE-2022-43378
04/19/2023 | 9.3 | 9.1 | Schneider Electric PowerLogic HDPM6000 Ethernet Request array index | SCADA Software | Not Defined | Official Fix | 0.09 | 0.00237 | CVE-2023-28004
04/19/2023 | 8.1 | 8.0 | Schneider Electric StruxureWare Data Center Expert code injection | SCADA Software | Not Defined | Official Fix | 0.04 | 0.00245 | CVE-2023-25550

613 more entries are not shown
