Welcome to the Schneider Electric corporate Website

Select your location

Welcome the the Schneider Electric French website. It looks like you are located in the United States, would you like to change your location?

Traduisez en francais

Stay Informed

Register to our security notification mailing list and we will notify you via email on newly released or updated Security Notifications.
Date
Product
CVE
Description
Products and versions affected
More information
Date
Product
CVE
Description
Products and versions affected
More information
2021/01/12 EcoStruxure Operator Terminal Expert and Pro-face BLUE CVE-2020-28221 CWE-20: Improper Input Validation • EcoStruxure™ Operator Terminal Expert 3.1 Service Pack 1A and prior running on Harmony HMIs • Pro-face BLUE 3.1 Service Pack 1A and prior running on Pro-face HMIs • (See security notification for more details) SEVD-2021-012-01
2021/01/12 EcoStruxure Power Build - Rapsody CVE-2021-22697, CVE-2021-22698 Multiple Vulnerabilities EcoStruxure Power Build - Rapsody software V2.1.13 and prior SEVD-2021-012-02
2021/01/12 Treck HTTP Server Vulnerability on Sepam ACE850 CVE-2020-25066 Heap-Based Overflow ACE850 Sepam communication interface – All versions SEVD-2021-012-03
2021/01/12 Treck TCP/IP Vulnerabilities (Ripple20) CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 Multiple Vulnerabilities (Notification Updated) See Security Notification for offer specific information SEVD-2020-175-01 (V2.9)
2021/01/12 APC by Schneider Electric Network Management Cards (Ripple20) CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 Multiple Vulnerabilities (Notification Updated) • APC Network Management Card 1 (NMC1) • APC Network Management Card 2 (NMC2) • APC Network Management Card 3 (NMC3) SEVD-2020-174-01 (V2.2)
2021/01/12 EcoStruxure™ Operator Terminal Expert (Vijeo XD), Pro-face BLUE and WinGP runtime CVE-2020-7544 CWE-269 Improper Privilege Management (Notification Updated) • EcoStruxure™ Operator Terminal Expert Runtime 3.1 Service Pack 1A and prior • Pro-face BLUE Runtime 3.1 Service Pack 1A and prior • WinGP V4.09.120 • (See security notification for more details) SEVD-2020-315-02 (V2.0)
2021/01/12 Modicon M100/M200/M221 Programmable Logic Controllers (V3.0) CVE-2020-7565, CVE-2020-7566, CVE-2020-7567, CVE-2020-7568, CVE-2020-28214 Multiple Vulnerabilities (Notification Updated) Modicon M100/M200/M221, all references, all versions SEVD-2020-315-05 (V3.0)
2020/12/18 Treck HTTP Server Vulnerability on TM3 Bus Coupler Modules CVE-2020-25066 Heap-Based Overflow • TM3 Bus Coupler (EIP firmware version 2.1.50.2 and prior) • TM3 Bus Coupler (SL firmware version 2.0.50.2 and prior) • TM3 Bus Coupler (CANOpen firmware version 2.0.50.2 and prior) SEVD-2020-353-02
2020/12/18 Treck TCP/IPv6 Vulnerabilities CVE-2020-27336, CVE-2020-27337, CVE-2020-27338 Multiple Vulnerabilities • ATV340E Altivar Machine Drives • ATV630/650/660/680/6A0/6B0 Altivar Process Drives • ATV930/950/960/980/9A0/9B0 Altivar Process Drives • VW3A3720, VW3A3721 Altivar Process Communication Modules • APC Network Management Card 2 (NMC2) • APC Network Management Card 3 (NMC3) • IFE Gateway  • Acti9 Smartlink IP*  • Acti9 PowerTag Link / HD*  • Acti9 Smartlink SI D*  • Acti9 Smartlink SI B*  • EGX150/Link150 Ethernet Gateway**  • eIFE Ethernet Interface for MasterPact MTZ drawout circuit breakers • IFE Ethernet Interface for ComPact, PowerPact, and MasterPact circuit breakers • TM3 Bus Coupler EIP • ATV6000 Medium Voltage Altivar Process Drives SEVD-2020-353-01
2020/12/08 EcoStruxure™ Control Expert CVE-2020-7560 CWE-123 - Write-what-where Condition • EcoStruxure™ Control Expert, all versions • Unity Pro (former name of EcoStruxure™ Control Expert), all versions SEVD-2020-343-01
2020/12/08 EcoStruxure™ Geo SCADA Expert CVE-2020-28219 CWE-522: Insufficiently Protected Credentials • EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) • EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1) SEVD-2020-343-02
2020/12/08 Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules CVE-2020-7539, CVE-2020-7541 Multiple Vulnerabilities • Modicon M340 CPUs (BMXP34* versions prior to V3.30) • Modicon M340 Ethernet Communication modules (BMXNOE0100 (H) versions prior to V3.3, BMXNOE0110 (H) versions prior to V6.5, BMXNOC0401 (H) versions prior to V2.10) • Modicon Premium communication modules (TSXETY4103 versions prior to V6.2, TSXETY5103 versions prior to V6.4) • Modicon Premium processors with integrated Ethernet COPRO (TSXP574634 versions prior to V6.1, TSXP575634 versions prior to V6.1, TSXP576634 versions prior to V6.1) • Modicon Quantum processors with integrated Ethernet COPRO (140CPU65xx0 versions prior to V6.1) • Modicon Quantum communication modules (140NOE771x1 versions prior to V7.1, 140NOC78x00 versions prior to V1.74, 140NOC77101 versions prior to V1.08) SEVD-2020-343-03
2020/12/08 Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules CVE-2020-7540 CWE-306: Missing Authentication for Critical Function • Modicon M340 CPUs (BMXP34* all versions prior to V3.30) • Modicon M340 Ethernet Communication modules(BMXNOE0100 (H) all versions prior to V3.3, BMXNOE0110 (H) all versions prior to V6.5, BMXNOC0401 (H) all versions prior to V2.10) • Modicon Premium communication modules (TSXETY4103 prior to V6.2, TSXETY5103 prior to V6.4) • Modicon Premium processors with integrated Ethernet COPRO (TSXP574634 versions prior to V6.1, TSXP575634 versions prior to V6.1, TSXP576634 versions prior to V6.1) • Modicon Quantum processors with integrated Ethernet COPRO (140CPU65xx0 prior to V6.1) • Modicon Quantum communication modules (140NOE771x1, prior to V7.1, 140NOC78x00, prior to V1.74, 140NOC77101, prior to V1.08) • BMXNOR200H (all versions) SEVD-2020-343-04
2020/12/08 Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules CVE-2020-7535 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) • Modicon M340 CPUs (BMXP34* versions prior to V3.30) • Modicon M340 Ethernet Communication modules (BMXNOE0100 (H) prior to version 3.4, BMXNOE0110 (H) prior to version 6.6) • Modicon Premium processors with integrated Ethernet COPRO (TSXP574634 all versions, TSXP575634 all versions, TSXP576634 all versions) • Modicon Quantum processors with integrated Ethernet COPRO (140CPU65xxxxx all versions) • Modicon Quantum communication modules (140NOE771x1 versions prior to V7.3, 140NOC78x00 all versions, 140NOC77101 all versions) • Modicon Premium communication modules (TSXETY4103 all versions, TSXETY5103 all versions) SEVD-2020-343-05
2020/12/08 Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules CVE-2020-7549 CWE-754: Improper Check for Unusual or Exceptional Conditions • Modicon M340 CPUs (BMXP34* versions prior to V3.30) • Modicon M340 Ethernet Communication modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.5, BMXNOC0401 (H) all versions) • Modicon Quantum communication modules (140NOE771x1 versions prior to V7.3, 140NOC78x00 all versions, 140NOC77101 all versions) • Modicon Quantum processors with integrated Ethernet COPRO (140CPU65xx0 all versions) • Modicon Premium communication modules (TSXETY4103 all versions, TSXETY5103 all versions) • Modicon Premium processors with integrated Ethernet COPRO (TSXP574634 all versions, TSXP575634 all versions, TSXP576634 all versions) SEVD-2020-343-06
2020/12/08 SNMP Service on Modicon M340 and associated Communication Modules CVE-2020-7536 CWE-754: Improper Check for Unusual or Exceptional Conditions • Modicon M340 CPUs (BMXP34* versions prior to V3.30) • Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, BMXNOR0200H all versions) SEVD-2020-343-07
2020/12/08 Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium CVE-2020-7537, CVE-2020-7542, CVE-2020-7543 Multiple Vulnerabilities • Modicon M580 CPUs (BMEx58xxxxx prior to version 3.20) • Modicon M340 CPUs (BMX P34x prior to version 3.30) • Modicon Premium CPUs all versions –(SXP574634, TSXP575634, TSXP576634) • Modicon Quantum CPUs all versions (40CPU65xxxxx) SEVD-2020-343-08
2020/12/08 Modicon M258 Logic Controllers and SoMachine/ SoMachine Motion Software CVE-2020-28220 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • Modicon M258 Firmware (All versions prior to V5.0.4.11) • SoMachine/SoMachine Motion software (All versions) SEVD-2020-343-09
2020/12/08 Easergy T300  CVE-2020-7561, CVE-2020-28215, CVE-2020-28216, CVE-2020-28217, CVE-2020-28218 Multiple Vulnerabilities (Notification Updated) Easergy T300 with firmware 2.7 and older  SEVD-2020-315-06 (V2.0)
2020/12/08 Wibu-Systems CodeMeter Vulnerabilities CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, CVE-2020-16233 Multiple Vulnerabilities - EcoStruxure Machine Expert (formerly known as SoMachine and SoMachine Motion) - E+PLC400 - E+PLC100 - E+PLC_Setup - EcoStruxure Machine SCADA Expert SEVD-2020-287-02 (V1.1)
2020/12/08 Modicon Controllers CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7853, CVE-2018-7854, CVE-2018-7855, CVE-2018-7856, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2018-7844, CVE-2019-6830, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809 Multiple Vulnerabilities (Notification Updated) Modicon M580 • Modicon M340 • Modicon Quantum • Modicon Premium SEVD-2019-134-11 (V6.0)
2020/11/10 Modicon Web Server CVE-2020-7562, CVE-2020-7563, CVE-2020-7564 Multiple Vulnerabilities Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) SEVD-2020-315-01
2020/11/10 Interactive Graphical SCADA System (IGSS) CVE-2020-7550, CVE-2020-7551, CVE-2020-7552, CVE-2020-7553, CVE-2020-7554, CVE-2020-7555, CVE-2020-7556, CVE-2020-7557, CVE-2020-7558 Multiple Vulnerabilities IGSS Definition (Def.exe) version 14.0.0.20247 and prior SEVD-2020-315-03
2020/11/10 EcoStruxure Building Operation (EBO) CVE-2020-7569, CVE-2020-7570, CVE-2020-7571, CVE-2020-7572, CVE-2020-7573, CVE-2020-28209, CVE-2020-28210 Multiple Vulnerabilities • WebReports V1.9 - V3.1 WebStation (V2.0 - V3.1) • Enterprise Server installer (V1.9 - V3.1) • Enterprise Central installer (V2.0 - V3.1) SEVD-2020-315-04
2020/11/10 PLC Simulator on EcoStruxure™ Control Expert  CVE-2020-7559, CVE-2020-7538, CVE-2020-28211, CVE-2020-28212, CVE-2020-28213 Multiple Vulnerabilities PLC Simulator for EcoStruxure™ Control Expert, all versions and PLC Simulator for Unity Pro (former name of EcoStruxure™ Control Expert), all versions SEVD-2020-315-07
2020/11/10 Trio Q and J Data Radios - Drovorub malware  Trio Q and J Data Radios  SESB-2020-315-01
2020/11/10 EcoStruxure™ Operator Terminal Expert (Vijeo XD)  CVE-2020-7493, CVE-2020-7494, CVE-2020-7495, CVE-2020-7496, CVE-2020-7497 Multiple Vulnerabilities EcoStruxure™ Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)  SEVD-2020-133-04 (V3.0)
2020/11/10 Modicon M218/M241/M251/M258 Logic Controllers SoMachine/SoMachine Motion EcoStruxure™ Machine Expert  CVE-2020-7487, CVE-2020-7488 Multiple Vulnerabilities All versions SEVD-2020-105-02 (V1.1)
2020/11/10 Modicon Controllers, EcoStruxure™ Control Expert and Unity Pro Programming Software CVE-2020-7475 CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • EcoStruxure™ Control Expert: all versions prior to 14.1 Hot Fix • Unity Pro: all versions • Modicon M340: all versions prior to V3.20 • Modicon M580: all versions prior to V3.10 SEVD-2020-080-01 (V2.0)
2020/11/10 Modicon Controllers CVE-2019-6848, CVE-2019-6849, CVE-2019-6850  Multiple Vulnerabilities Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321 SEVD-2019-281-04 (V2.0)
2020/10/13 Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules CVE-2020-7533 CWE-255: Credentials Management - M340 CPUs - M340 Communication Ethernet modules - Premium processors with integrated Ethernet COPRO - Premium communication modules - Quantum processors with integrated Ethernet COPRO - Quantum communication modules SEVD-2020-287-01
2020/10/13 Smartlink, PowerTag, and Wiser Series Gateways CVE-2020-7548 CWE-330 - Use of Insufficiently Random Values - Acti9 Smartlink SI D all versions prior to 002.004.002 - Acti9 Smartlink SI B all versions prior to 002.004.002 - Acti9 PowerTag Link / Link HD all versions prior to 001.008.007 - Acti9 Smartlink EL B all versions prior to 1.2.1 - Wiser Link all versions prior to 1.5.0 - Wiser Energy all versions prior to 1.5.0 SEVD-2020-287-03
2020/10/13 EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software CVE-2020-7545, CVE-2020-7546, CVE-2020-7547 Multiple Vulnerabilities - EcoStruxure™ Power Monitoring Expert versions 9.0, 8.x, 7.x - EcoStruxure™ Energy Expert version 2.0 - Power Manager versions 1.1, 1.2, 1.3 - StruxureWare™ PowerSCADA Expert with Advanced Reporting and Dashboards Module versions 8.x - EcoStruxure™ Power SCADA Operation with Advanced Reporting and Dashboards Module version 9.0 SEVD-2020-287-04
2020/10/13 Netlogon Elevation of Privilege Vulnerability CVE-2020-1472 Multiple Vulnerabilities Elevation of privilege vulnerability SESB-2020-287-01
2020/10/13 Wind River VxWorks (URGENT/11) CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265 Bulletin Update: Remediations now available See Security Bulletin SESB-2019-214-01 (V2.12)
2020/10/13 Modbus Serial Driver CVE-2020-7523 CWE-269: Improper Privilege Management - Schneider Electric Modbus Serial Driver (64 bits) versions prior to V3.20 IE 30 - Schneider Electric Modbus Serial Driver (32 bits) versions prior to V2.20 IE 30 - Schneider Electric Modbus Driver Suite versions prior to V14.15.0.0 SEVD-2020-224-01 (V1.1)
2020/10/13 SCADAPack 7x Remote Connect and SCADAPack x70 Security Administrator CVE-2020-7528, CVE-2020-7529, CVE-2020-7530, CVE-2020-7531, CVE-2020-7532 Multiple Vulnerabilities SCADAPack 7x Remote Connect (V3.6.3.574 and prior) and SCADAPack x70 Security Administrator (V1.2.0 and prior) SEVD-2020-252-01 (V1.1)
2020/10/13 Modicon Controllers CVE-2017-6028 CWE-522: Insufficiently Protected Credentials Modicon Controllers, see notification for details SEVD-2017-075-03 (V2.0)
2020/08/11 spaceLYnk and Wiser for KNX (formerly homeLYnk) CVE-2020-7525 CWE-307: Improper Restriction of Excessive Authentication Attempts All hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) SEVD-2020-224-02
2020/08/11 Modicon M218 Logic Controller CVE-2020-7524 CWE-787:Out-of-bounds Write Modicon M218 Logic Controller V5.0.0.7 and prior SEVD-2020-224-03
2020/08/11 APC Easy UPS On-Line Software CVE-2020-7521, CVE-2020-7522 Multiple Vulnerabilities SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier SEVD-2020-224-04
2020/08/11 PowerChute Business Edition CVE-2020-7526 CWE-20: Improper Input Validation PowerChute Business Edition software V9.0.x and earlier SEVD-2020-224-05
2020/08/11 Harmony® eXLhoist CVE-2019-19193 Bluetooth Low Energy Vulnerability (SweynTooth) Harmony® eXLhoist base stations v04.00.02.00 and prior  SEVD-2020-224-06
2020/08/11 SoMove CVE-2020-7527 CWE-276: Incorrect Default Permission SoMove V2.8.1 and prior SEVD-2020-224-07
2020/08/11 Schneider Electric PACTware CVE-2020-9403, CVE-2020-9404 Multiple Vulnerabilities • Schneider Electric PACTware V5.0.5.30 and prior. • Schneider Electric PACTware V4.1 SP5 and prior. SEVD-2020-224-08
2020/08/11 Vijeo Designer and Vijeo Designer Basic CVE-2020-7501 CWE-798: Use of Hard-coded Credentials  Vijeo Designer Basic V1.1 HotFix 16 and prior , Vijeo Designer V6.9 SP9 and prior  SEVD-2020-133-02 (V1.1)
2020/08/11 Vijeo Designer and Vijeo Designer Basic  CVE-2020-7490  CWE-426: Untrusted Search Path  Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.2 SP9 and prior) SEVD-2020-105-03 (V1.2)
2020/08/11 Harmony (formerly known as Magelis) HMI Panels CVE-2019-6833 CWE-754 – Improper Check for Unusual or Exceptional Conditions See security notification SEVD-2019-225-01 (V1.1)
2020/07/14 Schneider Electric Software Update (SESU) CVE-2020-7520 CWE-601: URL Redirection to Untrusted Site ('Open Redirect') SESU V2.4.0 and earlier SEVD-2020-196-01
2020/07/14 Schneider Electric Floating License Manager CVE-2019-8960, CVE-2019-8961 Multiple Vulnerabilities Schneider Electric Floating License Manager V2.4.0.0 and earlier SEVD-2020-196-02
2020/07/14 Intel Microarchitectural Data Sampling (ZombieLoad) CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 Multiple Vulnerabilities (Notification Updated) Multiple Products SEVD-2019-193-01 (V1.4)
2020/07/14 Microsoft Remote Desktop Services (BlueKeep) CVE-2019-0708 Remote Code Execution (Notification Updated) Multiple Products SEVD-2019-193-02 (V1.5)
2020/06/23 Security Bulletin: Treck TCP/IP Vulnerabilities (Ripple20) CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 Multiple Vulnerabilities See Security Bulletin SESB-2020-168-01 (V2.0)
2020/06/23 Legacy Triconex Product Vulnerabilities CVE-2020-7483, CVE-2020-7484, CVE-2020-7485, CVE-2020-7486, CVE-2020-7491 Multiple Vulnerabilities See Security Bulletin SESB-2020-105-01 (V2.1)
2020/06/09 Modicon M218 Logic Controller CVE-2020-7502 CWE-787: Out-of-bounds Write Vulnerability Modicon M218 firmware version 4.3 and prior SEVD-2020-161-01
2020/06/09 Unity Loader and OS Loader Software CVE-2020-7498 CWE-798: Use of Hard-coded Credentials  Unity Loader - All versions OS Loader - All versions (uiserd for legacy Modicon offers) SEVD-2020-161-02
2020/06/09 Modicon LMC078 Logic Controller CVE-2020-10664 NULL Pointer Dereference  Modicon LMC Logic Controller running with firmware version V1.51.15.05 and later SEVD-2020-161-03
2020/06/09 Easergy T300 CVE-2020-7503, CVE-2020-7504, CVE-2020-7505, CVE-2020-7506, CVE-2020-7507, CVE-2020-7508, CVE-2020-7509, CVE-2020-7510, CVE-2020-7511, CVE-2020-7512, CVE-2020-7513 Multiple Vulnerabilities Easergy T300 with firmware 1.5.2. and older SEVD-2020-161-04
2020/06/09 Easergy Builder CVE-2020-7514, CVE-2020-7515, CVE-2020-7516, CVE-2020-7517, CVE-2020-7518, CVE-2020-7519 Multiple Vulnerabilities Easergy Builder version 1.4.7.2 and older SEVD-2020-161-05
2020/06/09 GoAhead Web Server CVE-2015-7937 Stack-based buffer overflow  BMXNOC0401 (all versions prior to v2.09) BMXNOE0100 (all versions prior to v3.10) BMXNOE0100H (all versions prior to v3.10) BMXNOE0110 (all versions prior to v6.30) BMXNOE0110H (all versions prior to v6.30) BMXNOR0200 (all versions prior to v1.70) BMXNOR0200H (all versions prior to v1.70) BMXP342020 (all versions prior to v2.80) BMXP342020H (all versions prior to v2.80) BMXP342030 (all versions prior to v2.80) BMXP3420302 (all versions prior to v2.80) BMXP3420302H (all versions prior to v2.80) BMXPRA0100 (all versions prior to v2.80)  SEVD-2015-344-01 (V2.0)
2020/05/12 Pro-face GP-Pro EX Programming Software CVE-2020-7492 CWE-521: Weak Password Requirements  GP-Pro EX V1.00 to V4.09.100 SEVD-2020-133-01
2020/05/12 U.motion Servers and Touch Panels CVE-2020-7499, CVE-2020-7500 Multiple Vulnerabilities  All versions of: MTN6501-0001 – U.Motion – KNX Server, MTN6501-0002 – U.Motion – KNX Server Plus, MTN6260-0410 – U.Motion KNX server Plus, Touch 10, MTN6260-0415 – U.Motion KNX server Plus, Touch 15, MTN6260-0310 – U.Motion KNX Client Touch 10, MTN6260-0315 – U.Motion KNX Client Touch 15  SEVD-2020-133-03
2020/05/12 Andover Continuum System CVE-2020-7480, CVE-2020-7481, CVE-2020-7482 Multiple Vulnerabilities All Continuum versions are affected SEVD-2020-070-04 (2.1)
2020/05/12 Embedded Web Servers for Modicon CVE-2018-7804, CVE-2018-7809, CVE-2018-7810, CVE-2018-7811, CVE-2018-7812, CVE-2018-7830, CVE-2018-7831, CVE-2018-7833 Multiple Vulnerabilities All Modicon M340, Premium, Quantum PLCs, BMXNOR0200 controllers SESB-2018-327-01 (V3.2)
2020/04/14 Modicon M100/M200/M221 controllers, SoMachine Basic and EcoStruxure Machine Expert - Basic Programming Software  CVE-2020-7489  CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')  All versions SEVD-2020-105-01
2020/04/14 Modicon Controllers CVE-2019-6852, CVE-2019-6859 Multiple Vulnerabilities M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules SEVD-2019-316-02 (V2.0)
2020/04/14 Modicon Controllers, EcoStruxure™Control Expert and Unity Pro Programming Software CVE-2019-6855  CWE-285  Improper Authorization EcoStruxure™ Control Expert: all versions prior to 14.1 Hot Fix, Unity Pro: all versions, Modicon M340: all versions prior to V3.20, Modicon M580: all versions prior to V3.10 SEVD-2019-344-02 (V2.0)
2020/03/10 IGSS (Interactive Graphical SCADA System) CVE-2020-7478, CVE-2020-7479 Multiple Vulnerabilities Versions 14 and prior using the service: IGSSupdate. SEVD-2020-070-01
2020/03/10 Modicon Quantum Ethernet Network module and Quantum / Premium COPRO CVE-2020-7477 CWE-754: Improper Check gor Unusual or Exception Conditions Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions SEVD-2020-070-02
2020/03/10 ZigBee Installation Toolkit CVE-2020-7476 CWE-426: Untrusted Search Path Versions prior to 1.0.1 SEVD-2020-070-03
2020/02/11 ProSoft Configurator for Modicon PMEPXM0100 (H) CVE-2020-7474 CWE-427: Uncontrolled Search Path Element ProSoft Configurator v1.002 and prior, for the PMEPXM0100 (H) module SEVD-2020-042-01
2020/02/11 U.motion Builder Software CVE-2018-7763, CVE-2018-7764, CVE-2018-7765, CVE-2018-7766, CVE-2018-7767, CVE-2018-7768, CVE-2018-7769, CVE-2018-7770, CVE-2018-7771, CVE-2018-7772, CVE-2018-7773, CVE-2018-7774, CVE-2018-7776, CVE-2018-7777, CVE-2018-7494 Security Notification Updated All versions prior to v1.3.4 SEVD-2018-095-01  (V1.2)
2020/01/28 EcoStruxure™ Operator Terminal Expert - Security Bulletin EcoStruxure™ Operator Terminal Expert software  SESB-2020-028-01
2020/01/14 MSX Configurator CVE-2019-6858 CWE-427:Uncontrolled Search Path Element Software Version prior to V1.0.8.1 SEVD-2020-014-01
2020/01/14 Microsoft Remote Desktop Services (DejaBlue) CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 Notification Update: Remediations now available Multiple Products SEVD-2019-267-01 (V1.3)

See all archived security notifications

 

Firmware PKI 

 

Resources 

<script> $(document).ready(function() { $('head').append('<meta name="apple-itunes-app" content="app-id=714825126">'); }); </script>
<!-- Start SmartBanner configuration --> <meta name="smartbanner:title" content="mySchneider"> <meta name="smartbanner:author" content="Schneider Electric SA"> <meta name="smartbanner:price" content="Free"> <meta name="smartbanner:price-suffix-apple" content=" - On the App Store"> <meta name="smartbanner:price-suffix-google" content=" - Google Play"> <meta name="smartbanner:icon-apple" content="//lh3.googleusercontent.com/lAVirntKlp63vbntUZvOkMvZI8fE4rIoA5Lwif9M09VxzFhcWE21sTDYqJqOqIPqg4m4=w300-rw"> <meta name="smartbanner:icon-google" content="//lh3.googleusercontent.com/lAVirntKlp63vbntUZvOkMvZI8fE4rIoA5Lwif9M09VxzFhcWE21sTDYqJqOqIPqg4m4=w300-rw"> <meta name="smartbanner:button" content="VIEW"> <meta name="smartbanner:button-url-apple" content="https://app.appsflyer.com/id714825126?pid=Web&c=Smart_app_bannerCORP"> <meta name="smartbanner:button-url-google" content="https://app.appsflyer.com/com.schneider.qrcode.tocase?pid=Web&c=Smart_app_bannerCORP"> <meta name="smartbanner:enabled-platforms" content="android"> <!-- End SmartBanner configuration --> <link rel="stylesheet" href="[PublicationUrl]/assets-re1/css/smartbanner.min.css" /> <script type="text/javascript" src="[PublicationUrl]/assets-re1/js/smartbanner.min.js"></script>
Your browser is out of date and has known security issues. It also may not display all features of this website or other websites. Please upgrade your browser to access all of the features of this website. Internet Explorer 9 or higher is recommended for optimal functionality.