Stay Informed

Register for our security notification mailing list and we will notify you by email of newly released or updated Security Notifications.
Date | Product | CVE | Description | Products and versions affected | More information
2020/09/08 SCADAPack 7x Remote Connect and SCADAPack x70 Security Administrator CVE-2020-7528, CVE-2020-7529, CVE-2020-7530, CVE-2020-7531, CVE-2020-7532 Multiple Vulnerabilities SCADAPack 7x Remote Connect (V3.6.3.574 and prior) and SCADAPack x70 Security Administrator (V1.2.0 and prior) SEVD-2020-252-01
2020/09/01 Treck TCP/IP Vulnerabilities (Ripple20) CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 Multiple Vulnerabilities See Security Notification for offer specific information SEVD-2020-175-01 (V2.3)
2020/08/11 Modbus Serial Driver CVE-2020-7523 CWE-269: Improper Privilege Management Schneider Electric Modbus Serial Driver (64 bits) versions prior to V3.20 IE 30. • Schneider Electric Modbus Serial Driver (32 bits) versions prior to V2.20 IE 30. • Schneider Electric Modbus Driver Suite versions prior to V14.15.0.0. SEVD-2020-224-01
2020/08/11 spaceLYnk and Wiser for KNX (formerly homeLYnk) CVE-2020-7525 CWE-307: Improper Restriction of Excessive Authentication Attempts All hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) SEVD-2020-224-02
2020/08/11 Modicon M218 Logic Controller CVE-2020-7524 CWE-787: Out-of-bounds Write Modicon M218 Logic Controller V5.0.0.7 and prior SEVD-2020-224-03
2020/08/11 APC Easy UPS On-Line Software CVE-2020-7521, CVE-2020-7522 Multiple Vulnerabilities SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier SEVD-2020-224-04
2020/08/11 PowerChute Business Edition CVE-2020-7526 CWE-20: Improper Input Validation PowerChute Business Edition software V9.0.x and earlier SEVD-2020-224-05
2020/08/11 Harmony® eXLhoist CVE-2019-19193 Bluetooth Low Energy Vulnerability (SweynTooth) Harmony® eXLhoist base stations v04.00.02.00 and prior  SEVD-2020-224-06
2020/08/11 SoMove CVE-2020-7527 CWE-276: Incorrect Default Permission SoMove V2.8.1 and prior SEVD-2020-224-07
2020/08/11 Schneider Electric PACTware CVE-2020-9403, CVE-2020-9404 Multiple Vulnerabilities • Schneider Electric PACTware V5.0.5.30 and prior. • Schneider Electric PACTware V4.1 SP5 and prior. SEVD-2020-224-08
2020/08/11 Vijeo Designer and Vijeo Designer Basic CVE-2020-7501 CWE-798: Use of Hard-coded Credentials Vijeo Designer Basic V1.1 HotFix 16 and prior, Vijeo Designer V6.9 SP9 and prior SEVD-2020-133-02 (V1.1)
2020/08/11 Vijeo Designer and Vijeo Designer Basic  CVE-2020-7490  CWE-426: Untrusted Search Path  Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.2 SP9 and prior) SEVD-2020-105-03 (V1.2)
2020/08/11 Modicon Controllers CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7853, CVE-2018-7854, CVE-2018-7855, CVE-2018-7856, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2018-7844, CVE-2019-6830, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809 Multiple Vulnerabilities (Notification Updated) Modicon M580 Modicon M340 Modicon Quantum Modicon Premium     SEVD-2019-134-11 (V4.1)
2020/08/11 Harmony (formerly known as Magelis) HMI Panels CVE-2019-6833 CWE-754 – Improper Check for Unusual or Exceptional Conditions See security notification SEVD-2019-225-01 (V1.1)
2020/07/14 Schneider Electric Software Update (SESU) CVE-2020-7520 CWE-601: URL Redirection to Untrusted Site ('Open Redirect') SESU V2.4.0 and earlier SEVD-2020-196-01
2020/07/14 Schneider Electric Floating License Manager CVE-2019-8960, CVE-2019-8961 Multiple Vulnerabilities Schneider Electric Floating License Manager V2.4.0.0 and earlier SEVD-2020-196-02
2020/07/14 Intel Microarchitectural Data Sampling (ZombieLoad) CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 Multiple Vulnerabilities (Notification Updated) Multiple Products SEVD-2019-193-01 (V1.4)
2020/07/14 Microsoft Remote Desktop Services (BlueKeep) CVE-2019-0708 Remote Code Execution (Notification Updated) Multiple Products SEVD-2019-193-02 (V1.5)
2020/06/23 APC by Schneider Electric Network Management Cards CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 Multiple Vulnerabilities - Network Management Card 1 (NMC1) - AOS V3.9.2 and earlier - Network Management Card 2 (NMC2) - AOS V6.8.8 and earlier - Network Management Card 3 (NMC3) - AOS V1.3.0.6 and earlier SEVD-2020-174-01 (V1.1)
2020/06/23 Security Bulletin: Treck TCP/IP Vulnerabilities (Ripple20) CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 Multiple Vulnerabilities See Security Bulletin SESB-2020-168-01 (V2.0)
2020/06/23 Legacy Triconex Product Vulnerabilities CVE-2020-7483, CVE-2020-7484, CVE-2020-7485, CVE-2020-7486, CVE-2020-7491 Multiple Vulnerabilities See Security Bulletin SESB-2020-105-01 (V2.1)
2020/06/09 Modicon M218 Logic Controller CVE-2020-7502 CWE-787: Out-of-bounds Write Vulnerability Modicon M218 firmware version 4.3 and prior SEVD-2020-161-01
2020/06/09 Unity Loader and OS Loader Software CVE-2020-7498 CWE-798: Use of Hard-coded Credentials Unity Loader - All versions OS Loader - All versions (used for legacy Modicon offers) SEVD-2020-161-02
2020/06/09 Modicon LMC078 Logic Controller CVE-2020-10664 NULL Pointer Dereference  Modicon LMC Logic Controller running with firmware version V1.51.15.05 and later SEVD-2020-161-03
2020/06/09 Easergy T300 CVE-2020-7503, CVE-2020-7504, CVE-2020-7505, CVE-2020-7506, CVE-2020-7507, CVE-2020-7508, CVE-2020-7509, CVE-2020-7510, CVE-2020-7511, CVE-2020-7512, CVE-2020-7513 Multiple Vulnerabilities Easergy T300 with firmware 1.5.2. and older SEVD-2020-161-04
2020/06/09 Easergy Builder CVE-2020-7514, CVE-2020-7515, CVE-2020-7516, CVE-2020-7517, CVE-2020-7518, CVE-2020-7519 Multiple Vulnerabilities Easergy Builder version 1.4.7.2 and older SEVD-2020-161-05
2020/06/09 Wind River VxWorks (URGENT/11) CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265 Bulletin Update: Remediations now available See Security Bulletin SESB-2019-214-01 (V2.11)
2020/06/09 EcoStruxure™ Operator Terminal Expert (Vijeo XD)  CVE-2020-7493, CVE-2020-7494, CVE-2020-7495, CVE-2020-7496, CVE-2020-7497 Multiple Vulnerabilities  EcoStruxure™ Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)  SEVD-2020-133-04 (V2.0)
2020/06/09 GoAhead Web Server CVE-2015-7937 Stack-based buffer overflow  BMXNOC0401 (all versions prior to v2.09) BMXNOE0100 (all versions prior to v3.10) BMXNOE0100H (all versions prior to v3.10) BMXNOE0110 (all versions prior to v6.30) BMXNOE0110H (all versions prior to v6.30) BMXNOR0200 (all versions prior to v1.70) BMXNOR0200H (all versions prior to v1.70) BMXP342020 (all versions prior to v2.80) BMXP342020H (all versions prior to v2.80) BMXP342030 (all versions prior to v2.80) BMXP3420302 (all versions prior to v2.80) BMXP3420302H (all versions prior to v2.80) BMXPRA0100 (all versions prior to v2.80)  SEVD-2015-344-01 (V2.0)
2020/05/12 Pro-face GP-Pro EX Programming Software CVE-2020-7492 CWE-521: Weak Password Requirements  GP-Pro EX V1.00 to V4.09.100 SEVD-2020-133-01
2020/05/12 U.motion Servers and Touch Panels CVE-2020-7499, CVE-2020-7500 Multiple Vulnerabilities  All versions of: MTN6501-0001 – U.Motion – KNX Server, MTN6501-0002 – U.Motion – KNX Server Plus, MTN6260-0410 – U.Motion KNX server Plus, Touch 10, MTN6260-0415 – U.Motion KNX server Plus, Touch 15, MTN6260-0310 – U.Motion KNX Client Touch 10, MTN6260-0315 – U.Motion KNX Client Touch 15  SEVD-2020-133-03
2020/05/12 Andover Continuum System CVE-2020-7480, CVE-2020-7481, CVE-2020-7482 Multiple Vulnerabilities All Continuum versions are affected SEVD-2020-070-04 (2.1)
2020/05/12 Embedded Web Servers for Modicon CVE-2018-7804, CVE-2018-7809, CVE-2018-7810, CVE-2018-7811, CVE-2018-7812, CVE-2018-7830, CVE-2018-7831, CVE-2018-7833 Multiple Vulnerabilities All Modicon M340, Premium, Quantum PLCs, BMXNOR0200 controllers SESB-2018-327-01 (V3.2)
2020/04/14 Modicon M100/M200/M221 controllers, SoMachine Basic and EcoStruxure Machine Expert - Basic Programming Software  CVE-2020-7489  CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')  All versions SEVD-2020-105-01
2020/04/14 Modicon M218/M241/M251/M258 Logic Controllers SoMachine/SoMachine Motion EcoStruxure™ Machine Expert  CVE-2020-7487, CVE-2020-7488 Multiple Vulnerabilities All versions SEVD-2020-105-02
2020/04/14 Modicon Controllers CVE-2019-6852, CVE-2019-6859 Multiple Vulnerabilities M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules SEVD-2019-316-02 (V2.0)
2020/04/14 Modicon Controllers, EcoStruxure™Control Expert and Unity Pro Programming Software CVE-2019-6855  CWE-285  Improper Authorization EcoStruxure™ Control Expert: all versions prior to 14.1 Hot Fix, Unity Pro: all versions, Modicon M340: all versions prior to V3.20, Modicon M580: all versions prior to V3.10 SEVD-2019-344-02 (V2.0)
2020/03/20 Modicon Controllers, EcoStruxure™ Control Expert and Unity Pro Programming Software CVE-2020-7475 CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • EcoStruxure™ Control Expert: all versions prior to 14.1 Hot Fix • Unity Pro: all versions • Modicon M340: all versions prior to V3.20 • Modicon M580: all versions prior to V3.10 SEVD-2020-080-01
2020/03/10 IGSS (Interactive Graphical SCADA System) CVE-2020-7478, CVE-2020-7479 Multiple Vulnerabilities Versions 14 and prior using the service: IGSSupdate. SEVD-2020-070-01
2020/03/10 Modicon Quantum Ethernet Network module and Quantum / Premium COPRO CVE-2020-7477 CWE-754: Improper Check for Unusual or Exceptional Conditions Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions SEVD-2020-070-02
2020/03/10 ZigBee Installation Toolkit CVE-2020-7476 CWE-426: Untrusted Search Path Versions prior to 1.0.1 SEVD-2020-070-03
2020/02/11 ProSoft Configurator for Modicon PMEPXM0100 (H) CVE-2020-7474 CWE-427: Uncontrolled Search Path Element ProSoft Configurator v1.002 and prior, for the PMEPXM0100 (H) module SEVD-2020-042-01
2020/02/11 U.motion Builder Software CVE-2018-7763, CVE-2018-7764, CVE-2018-7765, CVE-2018-7766, CVE-2018-7767, CVE-2018-7768, CVE-2018-7769, CVE-2018-7770, CVE-2018-7771, CVE-2018-7772, CVE-2018-7773, CVE-2018-7774, CVE-2018-7776, CVE-2018-7777, CVE-2018-7494 Security Notification Updated All versions prior to v1.3.4 SEVD-2018-095-01  (V1.2)
2020/01/28 EcoStruxure™ Operator Terminal Expert - Security Bulletin EcoStruxure™ Operator Terminal Expert software  SESB-2020-028-01
2020/01/14 MSX Configurator CVE-2019-6858 CWE-427: Uncontrolled Search Path Element Software Version prior to V1.0.8.1 SEVD-2020-014-01
2020/01/14 Microsoft Remote Desktop Services (DejaBlue) CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 Notification Update: Remediations now available Multiple Products SEVD-2019-267-01 (V1.3)
2019/12/10 Modicon Controllers CVE-2019-6856, CVE-2019-6857, CVE-2018-7794 Multiple Vulnerabilities Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium SEVD-2019-344-01
2019/12/10 Power SCADA Operation  CVE-2019-13537  CWE-121 Stack-based Buffer Overflow Power SCADA Operation 9.0, Power SCADA Expert 8.2, Power SCADA Expert 8.1, Power SCADA Expert 8.0, Power SCADA Expert 7.4, and Power SCADA Expert 7.3 (including all associated Cumulative Updates) SEVD-2019-344-04
2019/12/10 EcoStruxure Geo SCADA Expert (ClearSCADA) CVE-2019-6854 CWE-264 Permissions, Privileges, and Access Controls EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 SEVD-2019-344-05
2019/12/10 Modicon Controllers CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847 Multiple Vulnerabilities (Notification Updated) Modicon M580 (all firmware versions), Modicon M340 (all firmware versions), Modicon BMxCRA and 140CRA modules (all firmware versions) SEVD-2019-281-02 (V2.0)
2019/12/10 Modicon Controllers CVE-2017-6017 Improper Check for Unusual or Exceptional Conditions Vulnerability (Notification Updated) M340 CPUs with firmware prior to V2.9, M580 CPUs with firmware prior to V2.3, Quantum CPUs with firmware prior to V3.52, Premium CPUs all versions, M1E CPUs all versions SEVD-2017-048-02 (V3.0)
2019/12/10 Schneider Electric Floating License Manager CVE-2019-20031, CVE-2019-20032, CVE-2019-20033, CVE-2019-20034 Multiple Vulnerabilities (Notification Updated) Schneider Electric Floating License Manager V2.3.0.0 and earlier (EcoStruxure Machine Expert) SEVD-2019-134-04 (V2.2)
2019/11/12 Andover Continuum CVE-2019-6853 CWE-79: Failure to Preserve Web Page Structure (Cross-Site Scripting) Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702. SEVD-2019-316-01
2019/11/12 Wind River VxWorks (URGENT/11) CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265  Multiple Vulnerabilities (Bulletin Updated) See Security Bulletin SESB-2019-214-01 (V2.2)
2019/11/12 ConneXium Gateway TSXETG100 and PowerLogic Ethernet Gateway EGX100 CVE-2018-7834 CWE-79: Cross-Site Scripting (Notification Updated) TSXETG100, EGX100 (all variants), ECI850 (all variants) SEVD-2019-134-07 (V2)
2019/11/12 Triconex TriStation Emulator CVE-2018-7803 CWE-754: Improper Check for Unusual or Exceptional Conditions (Notification Updated) Triconex TriStation Emulator V1.2.0 SEVD-2019-071-03 (V2)
2019/10/08 Modicon Controllers CVE-2019-6851 CWE-538: File and Directory Information Exposure Modicon M580 (all firmware versions), Modicon M340 (all firmware versions), Modicon Premium (all firmware versions), Modicon Quantum (all firmware versions) SEVD-2019-281-01
2019/10/08 Modicon Controllers CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847 Multiple Vulnerabilities Modicon M580 (all firmware versions), Modicon M340 (all firmware versions). Modicon BMxCRA and 140CRA modules (all firmware versions) SEVD-2019-281-02
2019/10/08 Modicon Controllers CVE-2019-6845 CWE-319: Cleartext Transmission of Sensitive Information Modicon M580 (all firmware versions), Modicon M340 (all firmware versions), Modicon Premium (all firmware versions), Modicon Quantum (all firmware versions) SEVD-2019-281-03
2019/10/08 Modicon Controllers CVE-2019-6848, CVE-2019-6849, CVE-2019-6850  Multiple Vulnerabilities Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321 SEVD-2019-281-04
2019/10/08 Schneider Electric Floating License Manager CVE-2019-20031, CVE-2019-20032, CVE-2019-20033, CVE-2019-20034 Multiple Vulnerabilities (Notification Updated) Schneider Electric Floating License Manager V2.3.0.0 and earlier (EcoStruxure Machine Expert) SEVD-2019-134-04 (V2.1)
2019/10/08 SoMachine HVAC & SoMove  CVE-2019-6826  CWE-426: Untrusted Search Path (Notification Updated) SoMachine HVAC v2.4.1 and earlier versions and SoMove FDT v2.7.5 and earlier versions SEVD-2019-225-04 (V2.0)
2019/10/08 Embedded Web Servers for Modicon CVE-2018-7804, CVE-2018-7809, CVE-2018-7810, CVE-2018-7811, CVE-2018-7812, CVE-2018-7830, CVE-2018-7831, CVE-2018-7833 Multiple Vulnerabilities (Notification Updated) All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 SEVD-2018-327-01 (V3)
2019/09/19 ProClima CVE-2019-6823, CVE-2019-6824, CVE-2019-6825 Multiple Vulnerabilities (Notification Updated) All versions of ProClima prior to version 8.0.0 SEVD-2019-162-01 (V1.1)
2019/09/10 U.motion Server CVE-2019-6835, CVE-2019-6836, CVE-2019-6837, CVE-2019-6838, CVE-2019-6839, CVE-2019-6840 Multiple Vulnerabilities MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15 SEVD-2019-253-01
2019/09/10 Modicon Quantum 140 NOE771x1 CVE-2019-6811 CWE-754 – Improper Check for Unusual or Exceptional Conditions Quantum 140 NOE771x1 version 6.9 and earlier SEVD-2019-253-02
2019/09/10 TwidoSuite - Multiple Vulnerabilities TwidoSuite v2.20.11 running on Windows 7 SP1 32-bit SEVD-2019-253-03
2019/08/19 Microsoft Remote Desktop Services – DejaBlue CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 Multiple Vulnerabilities (Updated Bulletin) See Security Bulletin SESB-2019-214-01 (V1.2)
2019/08/13 Modicon M340 Controller CVE-2019-6813 CWE-754: Improper Check for Unusual or Exceptional Conditions All firmware versions SEVD-2019-225-02
2019/08/13 Modicon Ethernet / Serial RTU Module CVE-2019-6831, CVE-2019-6810, CVE-2019-6813 Multiple Vulnerabilities All firmware versions SEVD-2019-225-03
2019/08/13 TelevisGo CVE-2019-8258, CVE-2018-15361, CVE-2019-8259, CVE-2019-8260, CVE-2019-8261, CVE-2019-8262, CVE-2019-8280, CVE-2019-8263, CVE-2019-8264, CVE-2019-8265, CVE-2019-8266, CVE-2019-8267, CVE-2019-8268, CVE-2019-8269, CVE-2019-8270, CVE-2019-8271, CVE-2019-8272, CVE-2019-8273, CVE-2019-8274, CVE-2019-8275, CVE-2019-8276, CVE-2019-8277 Multiple Vulnerabilities Versions manufactured prior to 15th July 2019. SEVD-2019-225-05
2019/08/13 Schneider Electric Software Update (SESU) – SUT Service Component CVE-2019-6834 CWE-502: Deserialization of Untrusted Data Versions 2.1.1 to 2.3.0. SEVD-2019-225-06
2019/08/13 spaceLYnk & homeLYnk CVE-2019-6832 CWE-287: Authentication Issues spaceLYnk all versions before 2.4.0 and Wiser for KNX (formerly known as homeLYnk) all versions before 2.4.0 SEVD-2019-225-07
2019/08/13 Modicon Controllers CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7853, CVE-2018-7854, CVE-2018-7855, CVE-2018-7856, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2018-7844, CVE-2019-6830, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809 Multiple Vulnerabilities (Notification Updated) Modicon M580 Modicon M340 Modicon Quantum Modicon Premium SEVD-2019-134-11(V2.0)
2019/08/13 Modicon Controllers and SCADAPack CVE-2017-6034 Authentication Bypass by Capture-Replay Modicon Momentum M1E 171CBU98090 (All versions), Modicon Momentum M1E 171CBU98091 (All versions), Modicon M340 (All versions prior to V2.70), Modicon M580 (All versions prior to V2.01), Modicon Premium (All versions prior to V3.10), Modicon Quantum (All versions prior to V3.12), Modicon M221 (All versions), SCADAPack 32 RTU (All Versions), SCADAPack 300 series RTU (314, 330, 334, 350) (All Versions), SCADAPack 300 E and 500 E series RTU (312E, 313E, 314E, 330E, 333E, 337E, 350E, 530E, 535E) (All Versions), SCADAPack 57x RTU (570, 575) (All Versions) SEVD-2017-065-01 (V3.0)
2019/07/09 Zelio Soft 2 CVE-2019-6822 CWE-416: Use After Free V5.2 and earlier versions SEVD-2019-190-01
2019/07/09 Interactive Graphical SCADA System (IGSS) CVE-2019-6827 CWE-787: Out-of-bounds Write Versions 14 and prior SEVD-2019-190-02
2019/07/09 Modicon M580 Controller CVE-2018-7838 CWE-119 Buffer Errors Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16 SEVD-2019-190-03
2019/07/09 Modicon Controllers CVE-2019-6819 CWE-754: Improper Check for Unusual or Exceptional Conditions Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium SEVD-2019-134-05 (V1.1)
2019/06/11 PowerSCADA Expert CVE-2019-10981 CWE-255: Credentials Management PowerSCADA Expert 7.30, PowerSCADA Expert 7.40, PowerSCADA Expert 8.0 without Service Release 1 SEVD-2019-162-02
2019/06/11 U.motion Builder software V1.1 CVE-2018-7841 CWE-89: SQL Injection (Notification Updated) U.motion Builder version 1.3.4 SEVD-2019-071-02 V1.1
2019/05/16 Intel Microarchitectural Data Sampling (Zombieload) CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 Side Channel Attacks See Security Bulletin SESB-2019-136-01
2019/05/16 Remote Desktop Services (RDS)  CVE-2019-0708 Remote Code Execution See Security Bulletin SESB-2019-136-02
2019/05/14 Modicon Controllers CVE-2018-7851 CWE-119: Buffer errors Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx SEVD-2019-134-10
2019/05/14 Modicon Quantum CVE-2019-6815, CVE-2019-6816 Multiple Vulnerabilities Modicon Quantum - all firmware versions SEVD-2019-134-09
2019/05/14 Modicon Quantum CVE-2018-7788 CWE-255: Credentials Management Modicon Quantum with firmware versions prior to V2.40. SEVD-2019-134-08
2019/05/14 Modicon RTU Module CVE-2019-6812 CWE-798: Use of hardcoded credentials BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 SEVD-2019-134-06
2019/05/14 Modicon Controllers CVE-2019-6819 CWE-754: Improper Check for Unusual or Exceptional Conditions Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium SEVD-2019-134-05
2019/05/14 Modicon Controllers CVE-2019-6821 CWE-330: Use of Insufficiently Random Values Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum SEVD-2019-134-03
2019/05/14 Modicon and PacDrive Controller CVE-2019-6820 CWE-306: Missing Authentication for Critical Function All versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco, PacDrive Pro, PacDrive Pro2 SEVD-2019-134-02
2019/02/14 SoMachine Basic and Modicon M221 CVE-2018-7821, CVE-2018-7822, CVE-2018-7823 Multiple Vulnerabilities SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0 SEVD-2019-045-01
2019/02/14 Vijeo Designer Lite - Buffer Error (CWE-119) Vijeo Designer Lite V1.3SP1 SEVD-2019-045-02
2019/01/14 IIoT Monitor CVE-2018-7835, CVE-2018-7836, CVE-2018-7837, CVE-2018-7839 Multiple Vulnerabilities (Notification Updated) IIoT Monitor 3.1.38 SEVD-2018-354-03
2018/12/27 Zelio Soft CVE-2018-7817 Use after free vulnerability Zelio Soft 2 v5.1 and prior versions SEVD-2018-361-01
2018/12/20 EVLink Parking CVE-2018-7800, CVE-2018-7801, CVE-2018-7802 Multiple Vulnerabilities EVLink Parking v3.2.0-12_v1 and earlier. SEVD-2018-354-01
2018/12/20 Pro-Face GP-Pro EX CVE-2018-7832 Improper Input Validation Pro-Face GP-Pro EX v4.08 and previous versions SEVD-2018-354-02
2018/12/18 2018/12/18 CVE-2018-7796 Buffer Error Vulnerability All released versions of PowerSuite2 SEVD-2018-351-01
2018/12/18 Modicon Controllers CVE-2017-6017 Improper Check for Unusual or Exceptional Conditions Vulnerability (Notification Updated) M340 CPUs with firmware prior to V2.9, M580 CPUs with firmware prior to V2.3, Quantum CPUs with firmware prior to V3.52, Premium CPUs all versions, M1E CPUs all versions SEVD-2017-048-02
2018/12/14 Triconex Malware Discovered Affecting Triconex Safety Controllers Malware Discovered Affecting Triconex Safety Controllers Tricon Model MP3008, versions 10.0 – 10.4 SEVD-2017-347-01
2018/12/13 Power Monitoring Expert, Energy Expert (formerly Power Manager) CVE-2018-7797 URL redirection vulnerability EcoStruxure™ Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure™ Energy Expert 1.3 (formerly Power Manager), EcoStruxure™ Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure™ Power Monitoring Expert (PME) v9.0, EcoStruxure™ Energy Expert v2.0, EcoStruxure™ Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module SEVD-2018-347-01
2018/12/04 Eurotherm by Schneider Electric GUIcon V2.0 CVE-2018-7813, CVE-2018-7814, CVE-2018-7815 Multiple Vulnerabilities GUIcon Version 2.0 (Gold Build 683.0) SEVD-2018-338-01
2018/10/25 Schneider Electric Software Update - DLL hijacking all versions prior to V2.2.0 SEVD-2018-298-01
2018/09/27 Modicon M221 CVE-2018-7798 Insufficient Verification of Data Authenticity (CWE-345) CVE-2018-7798 Modicon M221 All Versions SEVD-2018-270-01
2018/08/24 Conext Combox and Conext Battery Monitor - USB removable media shipped with the products may have been exposed to malware - USB media shipped with Conext Combox (sku 865-1058), all versions - USB media shipped with Conext Battery Monitor (sku 865-1080-01), all versions SESN-2018-236-01
2018/08/23 Modicon M221 CVE-2018-7790, CVE-2018-7792, CVE-2018-7791 Multiple Vulnerabilities CVE-2018-7790, CVE-2018-7792, CVE-2018-7791 Modicon M221, all references, all versions prior to firmware V1.6.2.0. SEVD-2018-235-01
2018/08/21 Modicon M221 CVE-2018-7789 Improper Check for Unusual or Exceptional Conditions CVE-2018-7789 Modicon M221, all references, all versions prior to firmware V1.6.2.0. SEVD-2018-233-01
2018/08/16 PowerLogic PM5560 CVE-2018-7795 Cross Protocol Injection CVE-2018-7795 PM5560 prior to FW version 2.5.4 SEVD-2018-228-01
2018/05/31 U.Motion Builder CVE-2018-7784 CVE-2018-7785 CVE-2018-7786 CVE-2018-7787 Multiple Vulnerabilities CVE-2018-7784 CVE-2018-7785 CVE-2018-7786 CVE-2018-7787 All versions prior to 1.3.4 SEVD-2018-151-01
2018/05/24 EcoStruxure Modicon Builder CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 Multiple Vulnerabilities CVE-2016-10395 CVE-2017-5571 CVE-2016-2177 V3.0 and prior versions SEVD-2018-144-01
2018/05/22 SoMachine Basic CVE-2018-7783 CVE-2018-7783 Out-Of-Band Remote Arbitrary Data Retrieval All versions prior to v1.6 SP1 SEVD-2018-142-01
2018/05/17 PlantStruxure PES CVE-2016-10395 CVE-2017-5571 CVE-2016-2177 Multiple Vulnerabilities • CVE-2016-10395 • CVE-2017-5571 • CVE-2016-2177 V4.3 SP1 and prior versions SEVD-2018-137-01
2018/04/19 EVlink Charging Station CVE-2018-7778 CVE-2018-7778 All versions prior to v3.2.0-12_v1 SEVD-2018-109-01
2018/04/19 Wiser for KNX (formerly homeLYnk / spaceLYnk) CVE-2018-7779 CVE-2018-7779 • Wiser for KNX, V2.1.0 and prior  • homeLYnk V2.0.1 and prior  • spaceLYnk V2.1.0 and prior SEVD-2018-109-02
2018/04/05 U.motion Builder CVE-2018-7763, CVE-2018-7764, CVE-2018-7765, CVE-2018-7766, CVE-2018-7767, CVE-2018-7768, CVE-2018-7769, CVE-2018-7770, CVE-2018-7771, CVE-2018-7772, CVE-2018-7773, CVE-2018-7774, CVE-2018-7776, CVE-2018-7777, CVE-2018-7494 Multiple vulnerabilities All versions prior to v1.3.4 Security Notification – U.motion Builder
2018/03/22 Modicon CVE-2018-7240, CVE-2018-7241, CVE-2018-7242 Arbitrary code execution, hardcoded accounts, vulnerable hash algorithms All Modicon Premium, Quantum, M340 and BMXNOR0200 controllers Security Notification - Embedded FTP Servers for Modicon
2018/03/22 Modicon CVE-2018-7759, CVE-2018-7760, CVE-2018-7761, CVE-2018-7762 Denial of service, authorization bypass, arbitrary code execution, buffer overflow All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 Security Notification - Embedded Web Servers for Modicon
2018/03/15 MGE Network Management Card Transverse installed in MGE UPS and MGE STS CVE-2018-7243, CVE-2018-7244, CVE-2018-7245, CVE-2018-7246 Authorization Bypass, Information Exposure, Improper Authorization, Cleartext Transmission of Sensitive Information MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Comet 3000, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000, MGE STS (Upsilon and Epsilon) Security Notification – MGE Network Management Card Transverse installed in MGE UPS and MGE STS
2018/03/15 MiCOM P540D Range with Legacy Ethernet Board CVE-2018-7758 Denial of Service Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol -enabled) are affected : MiCOM P445 versions: 35, 36, 37, E0, F0*, F1, F2 MiCOM P443, P446 versions: 54, 55, 57, B0, D0*, D1, D2 MiCOM P543 to P546 versions: 44, 54, 45, 55, 47, 57, A0, B0, C0*, DO*, D1, D2 MiCOM P841A versions: 44, 45, 47, A0, C0(*), C1, C2 MiCOM P841B versions: 54, 55, 57, B0, D0*), D1, D2 *Excluding minor revision F Security Notification – MiCOM P540D Range with Legacy Ethernet Board
2018/03/15 MiCOM Px4x with Legacy Ethernet Board CVE-2018-7758 Denial of Service Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol) and last digit = “J” or “K” (Hardware version) are affected MiCOM P14x version 46, MiCOM P44x version D6 excluding D6(E), MiCOM P64x all versions, MiCOM P849 all versions Security Notification – MiCOM Px4x with Legacy Ethernet Board
2018/03/15 MiCOM Px4x Rejuvenated CVE-2018-7758 Denial of Service Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol) and last digit = “L” or “M” (Hardware version) are affected MiCOM P540D range:MiCOM P443 version H4, MiCOM P445 version H4, MiCOM P446 version H4, MiCOM All P54x version H4, MiCOM P841A version H4, MiCOM P841B version H4 MiCOM Px4x: MiCOM P14x all versions except B2(B), MiCOM P44x all versions, MiCOM P64x all versions, MiCOM P746 all versions, MiCOM P849 all versions Security Notification – MiCOM Px4x Rejuvenated
2018/03/01 SoMove CVE-2018-7239 DLL Hijacking V2.6.2 and prior Security Notification – SoMove
2018/02/20 Saitel DP CVE-2016-5195 CVE-2016-5195 all versions prior to 11.06.04 Security Notification – Saitel DP
2018/02/15 EcoStruxure Power Monitoring Expert, Energy Expert (formerly Power Manager), EcoStruxure Power SCADA Operations (formerly PowerSCADA Expert) CVE-2016-10395 CVE-2016-10395 EcoStruxure Power Monitoring Expert 8.2 (Standard, DC, HC Editions) StruxureWare Power Monitoring Expert 8.1 (Standard, DC, HC Editions) StruxureWare Power Monitoring Expert 8.0 (Standard, DC, HC, Buildings Editions) StruxureWare Power Monitoring Expert 7.2.x Energy Expert 1.x (formerly Power Manager) EcoStruxure Power SCADA Operations 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module Security Notification – EcoStruxure Power Monitoring Expert, Energy Expert (formerly Power Manager), EcoStruxure Power SCADA Operations (formerly PowerSCADA
2018/02/15 SCADA Expert Vijeo Citect / CitectSCADA, Vijeo Historian / Citect Historian™ ,CitectHistorian, and Citect™ Anywhere CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 Version 7.30, 7.40 of SCADA Expert Vijeo Citect / CitectSCADA™ Version 2015, 2016 of CitectSCADA Version 4.40, 4.50 of Vijeo Historian / Citect Historian™ Version 2016 of CitectHistorian Citect™ Anywhere Vulnerability within Schneider Electric Floating License Manager
2018/02/08 StruxureOn Gateway CVE-2017-9970 Remote Code Execution V1.1.3 and prior versions Security Notification – StruxureOn Gateway
2018/02/08 IGSS Mobile CVE-2017-9968, CVE-2017-9969 Lack of certificate pinning, cleartext storage of password and other sensitive data Android and iOS, version 3.01 and prior versions Security Notification – IGSS Mobile
2018/02/06 Spectre and Meltdown CVE-2017-5754, CVE-2017-5753, CVE-2017-5715 side channel attacks See Security Notification Security Notification- Spectre and Meltdown
2018/02/06 IGSS SCADA Software CVE-2017-9967 Security Misconfiguration V12 and all previous versions Security Notification – IGSS SCADA Software
