Stay Informed
Register to our security notification mailing list and we will notify you via email on newly released or updated Security Notifications.
Date |
Product |
CVE |
Description |
Products and versions affected |
More information |
|---|---|---|---|---|---|
Date |
Product |
CVE |
Description |
Products and versions affected |
More information |
| 2020/09/08 | SCADAPack 7x Remote Connect and SCADAPack x70 Security Administrator | CVE-2020-7528, CVE-2020-7529, CVE-2020-7530, CVE-2020-7531, CVE-2020-7532 | Multiple Vulnerabilities | SCADAPack 7x Remote Connect (V3.6.3.574 and prior) and SCADAPack x70 Security Administrator (V1.2.0 and prior) | SEVD-2020-252-01 |
| 2020/09/01 | Treck TCP/IP Vulnerabilities (Ripple20) | CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 | Multiple Vulnerabilities | See Security Notification for offer specific information | SEVD-2020-175-01 (V2.3) |
| 2020/08/11 | Modbus Serial Driver | CVE-2020-7523 | CWE-269: Improper Privilege Management | Schneider Electric Modbus Serial Driver (64 bits) versions prior to V3.20 IE 30. • Schneider Electric Modbus Serial Driver (32 bits) versions prior to V2.20 IE 30. • Schneider Electric Modbus Driver Suite versions prior to V14.15.0.0. | SEVD-2020-224-01 |
| 2020/08/11 | spaceLYnk and Wiser for KNX (formerly homeLYnk) | CVE-2020-7525 | CWE-307: Improper Restriction of Excessive Authentication Attempts | All hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) | SEVD-2020-224-02 |
| 2020/08/11 | Modicon M218 Logic Controller | CVE-2020-7524 | CWE-787:Out-of-bounds Write | Modicon M218 Logic Controller V5.0.0.7 and prior | SEVD-2020-224-03 |
| 2020/08/11 | APC Easy UPS On-Line Software | CVE-2020-7521, CVE-2020-7522 | Multiple Vulnerabilities | SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier | SEVD-2020-224-04 |
| 2020/08/11 | PowerChute Business Edition | CVE-2020-7526 | CWE-20: Improper Input Validation | PowerChute Business Edition software V9.0.x and earlier | SEVD-2020-224-05 |
| 2020/08/11 | Harmony® eXLhoist | CVE-2019-19193 | Bluetooth Low Energy Vulnerability (SweynTooth) | Harmony® eXLhoist base stations v04.00.02.00 and prior | SEVD-2020-224-06 |
| 2020/08/11 | SoMove | CVE-2020-7527 | CWE-276: Incorrect Default Permission | SoMove V2.8.1 and prior | SEVD-2020-224-07 |
| 2020/08/11 | Schneider Electric PACTware | CVE-2020-9403, CVE-2020-9404 | Multiple Vulnerabilities | • Schneider Electric PACTware V5.0.5.30 and prior. • Schneider Electric PACTware V4.1 SP5 and prior. | SEVD-2020-224-08 |
| 2020/08/11 | Vijeo Designer and Vijeo Designer Basic | CVE-2020-7501 | CWE-798: Use of Hard-coded Credentials | Vijeo Designer Basic V1.1 HotFix 16 and prior , Vijeo Designer V6.9 SP9 and prior | SEVD-2020-133-02 (V1.1) |
| 2020/08/11 | Vijeo Designer and Vijeo Designer Basic | CVE-2020-7490 | CWE-426: Untrusted Search Path | Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.2 SP9 and prior) | SEVD-2020-105-03 (V1.2) |
| 2020/08/11 | Modicon Controllers | CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7853, CVE-2018-7854, CVE-2018-7855, CVE-2018-7856, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2018-7844, CVE-2019-6830, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809 | Multiple Vulnerabilities (Notification Updated) | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium | SEVD-2019-134-11 (V4.1) |
| 2020/08/11 | Harmony (formerly known as Magelis) HMI Panels | CVE-2019-6833 | CWE-754 – Improper Check for Unusual or Exceptional Conditions | See security notification | SEVD-2019-225-01 (V1.1) |
| 2020/07/14 | Schneider Electric Software Update (SESU) | CVE-2020-7520 | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | SESU V2.4.0 and earlier | SEVD-2020-196-01 |
| 2020/07/14 | Schneider Electric Floating License Manager | CVE-2019-8960, CVE-2019-8961 | Multiple Vulnerabilities | Schneider Electric Floating License Manager V2.4.0.0 and earlier | SEVD-2020-196-02 |
| 2020/07/14 | Intel Microarchitectural Data Sampling (ZombieLoad) | CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 | Multiple Vulnerabilities (Notification Updated) | Multiple Products | SEVD-2019-193-01 (V1.4) |
| 2020/07/14 | Microsoft Remote Desktop Services (BlueKeep) | CVE-2019-0708 | Remote Code Execution (Notification Updated) | Multiple Products | SEVD-2019-193-02 (V1.5) |
| 2020/06/23 | APC by Schneider Electric Network Management Cards | CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 | Multiple Vulnerabilities | - Network Management Card 1 (NMC1) - AOS V3.9.2 and earlier - Network Management Card 2 (NMC2) - AOS V6.8.8 and earlier - Network Management Card 3 (NMC3) - AOS V1.3.0.6 and earlier | SEVD-2020-174-01 (V1.1) |
| 2020/06/23 | Security Bulletin: Treck TCP/IP Vulnerabilities (Ripple20) | CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 | Multiple Vulnerabilities | See Security Bulletin | SESB-2020-168-01 (V2.0) |
| 2020/06/23 | Legacy Triconex Product Vulnerabilities | CVE-2020-7483, CVE-2020-7484, CVE-2020-7485, CVE-2020-7486, CVE-2020-7491 | Multiple Vulnerabilities | See Security Bulletin | SESB-2020-105-01 (V2.1) |
| 2020/06/09 | Modicon M218 Logic Controller | CVE-2020-7502 | CWE-787: Out-of-bounds Write Vulnerability | Modicon M218 firmware version 4.3 and prior | SEVD-2020-161-01 |
| 2020/06/09 | Unity Loader and OS Loader Software | CVE-2020-7498 | CWE-798: Use of Hard-coded Credentials | Unity Loader - All versions OS Loader - All versions (uiserd for legacy Modicon offers) | SEVD-2020-161-02 |
| 2020/06/09 | Modicon LMC078 Logic Controller | CVE-2020-10664 | NULL Pointer Dereference | Modicon LMC Logic Controller running with firmware version V1.51.15.05 and later | SEVD-2020-161-03 |
| 2020/06/09 | Easergy T300 | CVE-2020-7503, CVE-2020-7504, CVE-2020-7505, CVE-2020-7506, CVE-2020-7507, CVE-2020-7508, CVE-2020-7509, CVE-2020-7510, CVE-2020-7511, CVE-2020-7512, CVE-2020-7513 | Multiple Vulnerabilities | Easergy T300 with firmware 1.5.2. and older | SEVD-2020-161-04 |
| 2020/06/09 | Easergy Builder | CVE-2020-7514, CVE-2020-7515, CVE-2020-7516, CVE-2020-7517, CVE-2020-7518, CVE-2020-7519 | Multiple Vulnerabilities | Easergy Builder version 1.4.7.2 and older | SEVD-2020-161-05 |
| 2020/06/09 | Wind River VxWorks (URGENT/11) | CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265 | Bulletin Update: Remediations now available | See Security Bulletin | SESB-2019-214-01 (V2.11) |
| 2020/06/09 | EcoStruxure™ Operator Terminal Expert (Vijeo XD) | CVE-2020-7493, CVE-2020-7494, CVE-2020-7495, CVE-2020-7496, CVE-2020-7497 | Multiple Vulnerabilities | EcoStruxure™ Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) | SEVD-2020-133-04 (V2.0) |
| 2020/06/09 | GoAhead Web Server | CVE-2015-7937 | Stack-based buffer overflow | BMXNOC0401 (all versions prior to v2.09) BMXNOE0100 (all versions prior to v3.10) BMXNOE0100H (all versions prior to v3.10) BMXNOE0110 (all versions prior to v6.30) BMXNOE0110H (all versions prior to v6.30) BMXNOR0200 (all versions prior to v1.70) BMXNOR0200H (all versions prior to v1.70) BMXP342020 (all versions prior to v2.80) BMXP342020H (all versions prior to v2.80) BMXP342030 (all versions prior to v2.80) BMXP3420302 (all versions prior to v2.80) BMXP3420302H (all versions prior to v2.80) BMXPRA0100 (all versions prior to v2.80) | SEVD-2015-344-01 (V2.0) |
| 2020/05/12 | Pro-face GP-Pro EX Programming Software | CVE-2020-7492 | CWE-521: Weak Password Requirements | GP-Pro EX V1.00 to V4.09.100 | SEVD-2020-133-01 |
| 2020/05/12 | U.motion Servers and Touch Panels | CVE-2020-7499, CVE-2020-7500 | Multiple Vulnerabilities | All versions of: MTN6501-0001 – U.Motion – KNX Server, MTN6501-0002 – U.Motion – KNX Server Plus, MTN6260-0410 – U.Motion KNX server Plus, Touch 10, MTN6260-0415 – U.Motion KNX server Plus, Touch 15, MTN6260-0310 – U.Motion KNX Client Touch 10, MTN6260-0315 – U.Motion KNX Client Touch 15 | SEVD-2020-133-03 |
| 2020/05/12 | Andover Continuum System | CVE-2020-7480, CVE-2020-7481, CVE-2020-7482 | Multiple Vulnerabilities | All Continuum versions are affected | SEVD-2020-070-04 (2.1) |
| 2020/05/12 | Embedded Web Servers for Modicon | CVE-2018-7804, CVE-2018-7809, CVE-2018-7810, CVE-2018-7811, CVE-2018-7812, CVE-2018-7830, CVE-2018-7831, CVE-2018-7833 | Multiple Vulnerabilities | All Modicon M340, Premium, Quantum PLCs, BMXNOR0200 controllers | SESB-2018-327-01 (V3.2) |
| 2020/04/14 | Modicon M100/M200/M221 controllers, SoMachine Basic and EcoStruxure Machine Expert - Basic Programming Software | CVE-2020-7489 | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | All versions | SEVD-2020-105-01 |
| 2020/04/14 | Modicon M218/M241/M251/M258 Logic Controllers SoMachine/SoMachine Motion EcoStruxure™ Machine Expert | CVE-2020-7487, CVE-2020-7488 | Multiple Vulnerabilities | All versions | SEVD-2020-105-02 |
| 2020/04/14 | Modicon Controllers | CVE-2019-6852, CVE-2019-6859 | Multiple Vulnerabilities | M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules | SEVD-2019-316-02 (V2.0) |
| 2020/04/14 | Modicon Controllers, EcoStruxure™Control Expert and Unity Pro Programming Software | CVE-2019-6855 | CWE-285 Improper Authorization | EcoStruxure™ Control Expert: all versions prior to 14.1 Hot Fix, Unity Pro: all versions, Modicon M340: all versions prior to V3.20, Modicon M580: all versions prior to V3.10 | SEVD-2019-344-02 (V2.0) |
| 2020/03/20 | Modicon Controllers, EcoStruxure™ Control Expert and Unity Pro Programming Software | CVE-2020-7475 | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | • EcoStruxure™ Control Expert: all versions prior to 14.1 Hot Fix • Unity Pro: all versions • Modicon M340: all versions prior to V3.20 • Modicon M580: all versions prior to V3.10 | SEVD-2020-080-01 |
| 2020/03/10 | IGSS (Interactive Graphical SCADA System) | CVE-2020-7478, CVE-2020-7479 | Multiple Vulnerabilities | Versions 14 and prior using the service: IGSSupdate. | SEVD-2020-070-01 |
| 2020/03/10 | Modicon Quantum Ethernet Network module and Quantum / Premium COPRO | CVE-2020-7477 | CWE-754: Improper Check gor Unusual or Exception Conditions | Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions | SEVD-2020-070-02 |
| 2020/03/10 | ZigBee Installation Toolkit | CVE-2020-7476 | CWE-426: Untrusted Search Path | Versions prior to 1.0.1 | SEVD-2020-070-03 |
| 2020/02/11 | ProSoft Configurator for Modicon PMEPXM0100 (H) | CVE-2020-7474 | CWE-427: Uncontrolled Search Path Element | ProSoft Configurator v1.002 and prior, for the PMEPXM0100 (H) module | SEVD-2020-042-01 |
| 2020/02/11 | U.motion Builder Software | CVE-2018-7763, CVE-2018-7764, CVE-2018-7765, CVE-2018-7766, CVE-2018-7767, CVE-2018-7768, CVE-2018-7769, CVE-2018-7770, CVE-2018-7771, CVE-2018-7772, CVE-2018-7773, CVE-2018-7774, CVE-2018-7776, CVE-2018-7777, CVE-2018-7494 | Security Notification Updated | All versions prior to v1.3.4 | SEVD-2018-095-01 (V1.2) |
| 2020/01/28 | EcoStruxure™ Operator Terminal Expert | - | Security Bulletin | EcoStruxure™ Operator Terminal Expert software | SESB-2020-028-01 |
| 2020/01/14 | MSX Configurator | CVE-2019-6858 | CWE-427:Uncontrolled Search Path Element | Software Version prior to V1.0.8.1 | SEVD-2020-014-01 |
| 2020/01/14 | Microsoft Remote Desktop Services (DejaBlue) | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 | Notification Update: Remediations now available | Multiple Products | SEVD-2019-267-01 (V1.3) |
| 2019/12/10 | Modicon Controllers | CVE-2019-6856, CVE-2019-6857, CVE-2018-7794 | Multiple Vulnerabilities | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium | SEVD-2019-344-01 |
| 2019/12/10 | Power SCADA Operation | CVE-2019-13537 | CWE-121 Stack-based Buffer Overflow | Power SCADA Operation 9.0, Power SCADA Expert 8.2, Power SCADA Expert 8.1, Power SCADA Expert 8.0, Power SCADA Expert 7.4, and Power SCADA Expert 7.3 (including all associated Cumulative Updates) | SEVD-2019-344-04 |
| 2019/12/10 | EcoStruxure Geo SCADA Expert (ClearSCADA) | CVE-2019-6854 | CWE-264 Permissions, Privileges, and Access Controls | EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 | SEVD-2019-344-05 |
| 2019/12/10 | Modicon Controllers | CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847 | Multiple Vulnerabilities (Notification Updated) | Modicon M580 (all firmware versions) , Modicon M340 (all firmware versions) . Modicon BMxCRA and 140CRA modules (all firmware versions) | SEVD-2019-281-02 (V2.0) |
| 2019/12/10 | Modicon Controllers | CVE-2017-6017 | Improper Check for Unusual or Exceptional Conditions Vulnerability (Notification Updated) | M340 CPUs with firmware prior to V2.9, M580 CPUs with firmware prior to V2.3, Quantum CPUs with firmware prior to V3.52, Premium CPUs all versions, M1E CPUs all versions | SEVD-2017-048-02 (V3.0) |
| 2019/12/10 | Schneider Electric Floating License Manager | CVE-2019-20031, CVE-2019-20032, CVE-2019-20033, CVE-2019-20034 | Multiple Vulnerabilities (Notification Updated) | Schneider Electric Floating License Manager V2.3.0.0 and earlier (EcoStruxure Machine Expert) | SEVD-2019-134-04 (V2.2) |
| 2019/11/12 | Andover Continuum | CVE-2019-6853 | CWE-79: Failure to Preserve Web Page Structure (Cross-Site Scripting) | Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702. | SEVD-2019-316-01 |
| 2019/11/12 | Wind River VxWorks (URGENT/11) | CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265 | Multiple Vulnerabilities (Bulletin Updated) | See Security Bulletin | SESB-2019-214-01 (V2.2) |
| 2019/11/12 | ConneXium Gateway TSXETG100 and PowerLogic Ethernet Gateway EGX100 | CVE-2018-7834 | CWE-79: Cross-Site Scripting (Notification Updated) | TSXETG100, EGX100 (all variants), ECI850 (all variants) | SEVD-2019-134-07 (V2) |
| 2019/11/12 | Triconex TriStation Emulator | CVE-2018-7803 | CWE-754: Improper Check for Unusual or Exceptional Conditions (Notification Updated) | Triconex TriStation Emulator V1.2.0 | SEVD-2019-071-03 (V2) |
| 2019/10/08 | Modicon Controllers | CVE-2019-6851 | CWE-538: File and Directory Information Exposure | Modicon M580 (all firmware versions), Modicon M340 (all firmware versions), Modicon Premium (all firmware versions), Modicon Quantum (all firmware versions) | SEVD-2019-281-01 |
| 2019/10/08 | Modicon Controllers | CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847 | Multiple Vulnerabilities | Modicon M580 (all firmware versions), Modicon M340 (all firmware versions). Modicon BMxCRA and 140CRA modules (all firmware versions) | SEVD-2019-281-02 |
| 2019/10/08 | Modicon Controllers | CVE-2019-6845 | CWE-319: Cleartext Transmission of Sensitive Information | Modicon M580 (all firmware versions), Modicon M340 (all firmware versions), Modicon Premium (all firmware versions), Modicon Quantum (all firmware versions) | SEVD-2019-281-03 |
| 2019/10/08 | Modicon Controllers | CVE-2019-6848, CVE-2019-6849, CVE-2019-6850 | Multiple Vulnerabilities | Modicon M580, Modicon BMENOC 0311, Modicon BMENOC 0321 | SEVD-2019-281-04 |
| 2019/10/08 | Schneider Electric Floating License Manager | CVE-2019-20031, CVE-2019-20032, CVE-2019-20033, CVE-2019-20034 | Multiple Vulnerabilities (Notification Updated) | Schneider Electric Floating License Manager V2.3.0.0 and earlier (EcoStruxure Machine Expert) | SEVD-2019-134-04 (V2.1) |
| 2019/10/08 | SoMachine HVAC & SoMove | CVE-2019-6826 | CWE-426: Untrusted Search Path (Notification Updated) | SoMachine HVAC v2.4.1 and earlier versions and SoMove FDT v2.7.5 and earlier versions | SEVD-2019-225-04 (V2.0) |
| 2019/10/08 | Embedded Web Servers for Modicon | CVE-2018-7804, CVE-2018-7809, CVE-2018-7810, CVE-2018-7811, CVE-2018-7812, CVE-2018-7830, CVE-2018-7831, CVE-2018-7833 | Multiple Vulnerabilities (Notification Updated) | All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 | SEVD-2018-327-01 (V3) |
| 2019/09/19 | ProClima | CVE-2019-6823, CVE-2019-6824, CVE-2019-6825 | Multiple Vulnerabilities (Notification Updated) | All versions of ProClima prior to version 8.0.0 | SEVD-2019-162-01 (V1.1) |
| 2019/09/10 | U.motion Server | CVE-2019-6835, CVE-2019-6836, CVE-2019-6837, CVE-2019-6838, CVE-2019-6839, CVE-2019-6840 | Multiple Vulnerabilities | MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15 | SEVD-2019-253-01 |
| 2019/09/10 | Modicon Quantum 140 NOE771x1 | CVE-2019-6811 | CWE-754 – Improper Check for Unusual or Exceptional Conditions | Quantum 140 NOE771x1 version 6.9 and earlier | SEVD-2019-253-02 |
| 2019/09/10 | TwidoSuite | - | Multiple Vulnerabilities | TwidoSuite v2.20.11 running on Windows 7 SP1 32-bit | SEVD-2019-253-03 |
| 2019/08/19 | Microsoft Remote Desktop Services – DejaBlue | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 | Multiple Vulnerabilities (Updated Bulletin) | See Security Bulletin | SESB-2019-214-01 (V1.2) |
| 2019/08/13 | Modicon M340 Controller | CVE-2019-6813 | CWE-754: Improper Check for Unusual or Exceptional Conditions | All firmware versions | SEVD-2019-225-02 |
| 2019/08/13 | Modicon Ethernet / Serial RTU Module | CVE-2019-6831, CVE-2019-6810, CVE-2019-6813 | Multiple Vulnerabilities | All firmware versions | SEVD-2019-225-03 |
| 2019/08/13 | TelevisGo | CVE-2019-8258, CVE-2018-15361, CVE-2019-8259, CVE-2019-8260, CVE-2019-8261, CVE-2019-8262, CVE-2019-8280, CVE-2019-8263, CVE-2019-8264, CVE-2019-8265, CVE-2019-8266, CVE-2019-8267, CVE-2019-8268, CVE-2019-8269, CVE-2019-8270, CVE-2019-8271, CVE-2019-8272, CVE-2019-8273, CVE-2019-8274, CVE-2019-8275, CVE-2019-8276, CVE-2019-8277 | Multiple Vulnerabilities | Versions manufactured prior to 15th July 2019. | SEVD-2019-225-05 |
| 2019/08/13 | Schneider Electric Software Update (SESU) – SUT Service Component | CVE-2019-6834 | CWE-502: Deserialization of Untrusted Data | Versions 2.1.1 to 2.3.0. | SEVD-2019-225-06 |
| 2019/08/13 | spaceLYnk & homeLYnk | CVE-2019-6832 | CWE-287: Authentication Issues | spaceLYnk all versions before 2.4.0 and Wiser for KNX (formerly known as homeLYnk) all versions before 2.4.0 | SEVD-2019-225-07 |
| 2019/08/13 | Modicon Controllers | CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7853, CVE-2018-7854, CVE-2018-7855, CVE-2018-7856, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2018-7844, CVE-2019-6830, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809 | Multiple Vulnerabilities (Notification Updated) | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium | SEVD-2019-134-11(V2.0) |
| 2019/08/13 | Modicon Controllers and SCADAPack | CVE-2017-6034 | Authentication Bypass by Capture-Replay | Modicon Momentum M1E 171CBU98090 (All versions), Modicon Momentum M1E 171CBU98091 (All versions), Modicon M340 (All versions prior to V2.70), Modicon M580 (All versions prior to V2.01), Modicon Premium (All versions prior to V3.10), Modicon Quantum (All versions prior to V3.12), Modicon M221 (All versions), SCADAPack 32 RTU (All Versions), SCADAPack 300 series RTU (314, 330, 334, 350) (All Versions), SCADAPack 300 E and 500 E series RTU (312E, 313E, 314E, 330E, 333E, 337E, 350E, 530E, 535E) (All Versions), SCADAPack 57x RTU (570, 575) (All Versions) | SEVD-2017-065-01 (V3.0) |
| 2019/07/09 | Zelio Soft 2 | CVE-2019-6822 | CWE-416: Use After Free | V5.2 and earlier versions | SEVD-2019-190-01 |
| 2019/07/09 | Interactive Graphical SCADA System (IGSS) | CVE-2019-6827 | CWE-787: Out-of-bounds Write | Versions 14 and prior | SEVD-2019-190-02 |
| 2019/07/09 | Modicon M580 Controller | CVE-2018-7838 | CWE-119 Buffer Errors | Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16 | SEVD-2019-190-03 |
| 2019/07/09 | Modicon Controllers | CVE-2019-6819 | CWE-754: Improper Check for Unusual or Exceptional Conditions | Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium | SEVD-2019-134-05 (V1.1) |
| 2019/06/11 | PowerSCADA Expert | CVE-2019-10981 | CWE-255: Credentials Management | "PowerSCADA Expert 7.30PowerSCADA Expert 7.40PowerSCADA Expert 8.0 without Service Release 1" | SEVD-2019-162-02 |
| 2019/06/11 | U.motion Builder software V1.1 | CVE-2018-7841 | CWE-89: SQL Injection (Notification Updated) | U.motion Builder version 1.3.4 | SEVD-2019-071-02 V1.1 |
| 2019/05/16 | Intel Microarchitectural Data Sampling (Zombieload) | CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 | Side Channel Attacks | See Security Bulletin | SESB-2019-136-01 |
| 2019/05/16 | Remote Desktop Services (RDS) | CVE-2019-0708 | Remote Code Execution | See Security Bulletin | SESB-2019-136-02 |
| 2019/05/14 | Modicon Controllers | CVE-2018-7851 | CWE-119: Buffer errors | Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx | SEVD-2019-134-10 |
| 2019/05/14 | Modicon Quantum | CVE-2019-6815, CVE-2019-6816 | Multiple Vulnerabilities | Modicon Quantum - all firmware versions | SEVD-2019-134-09 |
| 2019/05/14 | Modicon Quantum | CVE-2018-7788 | CWE-255: Credentials Management | Modicon Quantum with firmware versions prior to V2.40. | SEVD-2019-134-08 |
| 2019/05/14 | Modicon RTU Module | CVE-2019-6812 | CWE-798: Use of hardcoded credentials | BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 | SEVD-2019-134-06 |
| 2019/05/14 | Modicon Controllers | CVE-2019-6819 | CWE-754: Improper Check for Unusual or Exceptional Conditions | Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium | SEVD-2019-134-05 |
| 2019/05/14 | Modicon Controllers | CVE-2019-6821 | CWE-330: Use of Insufficiently Random Values | Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum | SEVD-2019-134-03 |
| 2019/05/14 | Modicon and PacDrive Controller | CVE-2019-6820 | CWE-306: Missing Authentication for Critical Function | All versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2 | SEVD-2019-134-02 |
| 2019/02/14 | SoMachine Basic and Modicon M221 | CVE-2018-7821, CVE-2018-7822, CVE-2018-7823 | Multiple Vulnerabilities | SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0 | SEVD-2019-045-01 |
| 2019/02/14 | Vijeo Designer Lite | - | Buffer Error (CWE-119) | Vijeo Designer Lite V1.3SP1 | SEVD-2019-045-02 |
| 2019/01/14 | IIoT Monitor | CVE-2018-7835, CVE-2018-7836, CVE-2018-7837, CVE-2018-7839 | Multiple Vulnerabilities (Notification Updated) | IIoT Monitor 3.1.38 | SEVD-2018-354-03 |
| 2018/12/27 | Zelio Soft | CVE-2018-7817 | Use after free vulnerability | Zelio Soft 2 v5.1 and prior versions | SEVD-2018-361-01 |
| 2018/12/20 | EVLink Parking | CVE-2018-7800, CVE-2018-7801, CVE-2018-7802 | Multiple Vulnerabilities | EVLink Parking v3.2.0-12_v1 and earlier. | SEVD-2018-354-01 |
| 2018/12/20 | Pro-Face GP-Pro EX | CVE-2018-7832 | Improper Input Validation | Pro-Face GP-Pro EX v4.08 and previous versions | SEVD-2018-354-02 |
| 2018/12/18 | 2018/12/18 | CVE-2018-7796 | Buffer Error Vulnerability | All released versions of PowerSuite2 | SEVD-2018-351-01 |
| 2018/12/18 | Modicon Controllers | CVE-2017-6017 | Improper Check for Unusual or Exceptional Conditions Vulnerability (Notification Updated) | M340 CPUs with firmware prior to V2.9, M580 CPUs with firmware prior to V2.3, Quantum CPUs with firmware prior to V3.52, Premium CPUs all versions, M1E CPUs all versions | SEVD-2017-048-02 |
| 2018/12/14 | Triconex | Malware Discovered Affecting Triconex Safety Controllers | Malware Discovered Affecting Triconex Safety Controllers | Tricon Model MP3008, versions 10.0 – 10.4 | SEVD-2017-347-01 |
| 2018/12/13 | Power Monitoring Expert, Energy Expert (formerly Power Manager) | CVE-2018-7797 | URL redirection vulnerability | EcoStruxure™ Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure™ Energy Expert 1.3 (formerly Power Manager), EcoStruxure™ Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure™ Power Monitoring Expert (PME) v9.0, EcoStruxure™ Energy Expert v2.0, EcoStruxure™ Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module | SEVD-2018-347-01 |
| 2018/12/04 | Eurotherm by Schneider Electric GUIcon V2.0 | CVE-2018-7813, CVE-2018-7814, CVE-2018-7815 | Multiple Vulnerabilities | GUIcon Version 2.0 (Gold Build 683.0) | SEVD-2018-338-01 |
| 2018/10/25 | Schneider Electric Software Update | - | DLL hijacking | all versions prior to V2.2.0 | SEVD-2018-298-01 |
| 2018/09/27 | Modicon M221 | CVE-2018-7798 | Insufficient Verification of Data Authenticity (CWE-345) CVE-2018-7798 | Modicon M221 All Versions | SEVD-2018-270-01 |
| 2018/08/24 | Conext Combox and Conext Battery Monitor | - | USB removable media shipped with the products may have been exposed to malware | - USB media shipped with Conext Combox (sku 865-1058), all versions - USB media shipped with Conext Battery Monitor (sku 865-1080-01), all versions | SESN-2018-236-01 |
| 2018/08/23 | Modicon M221 | CVE-2018-7790, CVE-2018-7792, CVE-2018-7791 | Multiple Vulnerabilities CVE-2018-7790, CVE-2018-7792, CVE-2018-7791 | Modicon M221, all references, all versions prior to firmware V1.6.2.0. | SEVD-2018-235-01 |
| 2018/08/21 | Modicon M221 | CVE-2018-7789 | Improper Check for Unusual or Exceptional Conditions CVE-2018-7789 | Modicon M221, all references, all versions prior to firmware V1.6.2.0. | SEVD-2018-233-01 |
| 2018/08/16 | PowerLogic PM5560 | CVE-2018-7795 | Cross Protocol Injection CVE-2018-7795 | PM5560 prior to FW version 2.5.4 | SEVD-2018-228-01 |
| 2018/05/31 | U.Motion Builder | CVE-2018-7784 CVE-2018-7785 CVE-2018-7786 CVE-2018-7787 | Multiple Vulnerabilities CVE-2018-7784 CVE-2018-7785 CVE-2018-7786 CVE-2018-7787 | All versions prior to 1.3.4 | SEVD-2018-151-01 |
| 2018/05/24 | EcoStruxure Modicon Builder | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | Multiple Vulnerabilities CVE-2016-10395 CVE-2017-5571 CVE-2016-2177 | V3.0 and prior versions | SEVD-2018-144-01 |
| 2018/05/22 | SoMachine Basic | CVE-2018-7783 | CVE-2018-7783 Out-Of-Band Remote Arbitrary Data Retrieval | All versions prior to v1.6 SP1 | SEVD-2018-142-01 |
| 2018/05/17 | PlantStruxure PES | CVE-2016-10395 CVE-2017-5571 CVE-2016-2177 | Multiple Vulnerabilities • CVE-2016-10395 • CVE-2017-5571 • CVE-2016-2177 | V4.3 SP1 and prior versions | SEVD-2018-137-01 |
| 2018/04/19 | EVlink Charging Station | CVE-2018-7778 | CVE-2018-7778 | All versions prior to v3.2.0-12_v1 | SEVD-2018-109-01 |
| 2018/04/19 | Wiser for KNX (formerly homeLYnk / spaceLYnk) | CVE-2018-7779 | CVE-2018-7779 | • Wiser for KNX, V2.1.0 and prior • homeLYnk V2.0.1 and prior • spaceLYnk V2.1.0 and prior | SEVD-2018-109-02 |
| 2018/04/05 | U.motion Builder | CVE-2018-7763, CVE-2018-7764, CVE-2018-7765, CVE-2018-7766, CVE-2018-7767, CVE-2018-7768, CVE-2018-7769, CVE-2018-7770, CVE-2018-7771, CVE-2018-7772, CVE-2018-7773, CVE-2018-7774, CVE-2018-7776, CVE-2018-7777, CVE-2018-7494 | Multiple vulnerabilities | All versions prior to v1.3.4 | Security Notification – U.motion Builder |
| 2018/03/22 | Modicon | CVE-2018-7240, CVE-2018-7241, CVE-2018-7242 | Arbitrary code execution, hardcoded accounts, vulnerable hash algorithms | All Modicon Premium, Quantum, M340 and BMXNOR0200 controllers | Security Notification - Embedded FTP Servers for Modicon |
| 2018/03/22 | Modicon | CVE-2018-7759, CVE-2018-7760, CVE-2018-7761, CVE-2018-7762 | Denial of service, authorization bypass, arbitrary code execution, buffer overflow | All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 | Security Notification - Embedded Web Servers for Modicon |
| 2018/03/15 | MGE Network Management Card Transverse installed in MGE UPS and MGE STS | CVE-2018-7243, CVE-2018-7244, CVE-2018-7245, CVE-2018-7246 | Authorization Bypass, Information Exposure, Improper Authorization, Cleartext Transmission of Sensitive Information | MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Comet 3000, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000, MGE STS (Upsilon and Epsilon) | Security Notification – MGE Network Management Card Transverse installed in MGE UPS and MGE STS |
| 2018/03/15 | MiCOM P540D Range with Legacy Ethernet Board | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol -enabled) are affected : MiCOM P445 versions: 35, 36, 37, E0, F0*, F1, F2 MiCOM P443, P446 versions: 54, 55, 57, B0, D0*, D1, D2 MiCOM P543 to P546 versions: 44, 54, 45, 55, 47, 57, A0, B0, C0*, DO*, D1, D2 MiCOM P841A versions: 44, 45, 47, A0, C0(*), C1, C2 MiCOM P841B versions: 54, 55, 57, B0, D0*), D1, D2 *Excluding minor revision F | Security Notification – MiCOM P540D Range with Legacy Ethernet Board |
| 2018/03/15 | MiCOM Px4x with Legacy Ethernet Board | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol) and last digit = “J” or “K” (Hardware version) are affected MiCOM P14x version 46, MiCOM P44x version D6 excluding D6(E), MiCOM P64x all versions, MiCOM P849 all versions | Security Notification – MiCOM Px4x with Legacy Ethernet Board |
| 2018/03/15 | MiCOM Px4x Rejuvenated | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol) and last digit = “L” or “M” (Hardware version) are affected MiCOM P540D range:MiCOM P443 version H4, MiCOM P445 version H4, MiCOM P446 version H4, MiCOM All P54x version H4, MiCOM P841A version H4, MiCOM P841B version H4 MiCOM Px4x: MiCOM P14x all versions except B2(B), MiCOM P44x all versions, MiCOM P64x all versions, MiCOM P746 all versions, MiCOM P849 all versions | Security Notification – MiCOM Px4x Rejuvenated |
| 2018/03/01 | SoMove | CVE-2018-7239 | DLL Hijacking | V2.6.2 and prior | Security Notification – SoMove |
| 2018/02/20 | Saitel DP | CVE-2016-5195 | CVE-2016-5195 | all versions prior to 11.06.04 | Security Notification – Saitel DP |
| 2018/02/15 | EcoStruxure Power Monitoring Expert, Energy Expert (formerly Power Manager), EcoStruxure Power SCADA Operations (formerly PowerSCADA Expert) | CVE-2016-10395 | CVE-2016-10395 | EcoStruxure Power Monitoring Expert 8.2 (Standard, DC, HC Editions) StruxureWare Power Monitoring Expert 8.1 (Standard, DC, HC Editions) StruxureWare Power Monitoring Expert 8.0 (Standard, DC, HC, Buildings Editions) StruxureWare Power Monitoring Expert 7.2.x Energy Expert 1.x (formerly Power Manager) EcoStruxure Power SCADA Operations 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module | Security Notification – EcoStruxure Power Monitoring Expert, Energy Expert (formerly Power Manager), EcoStruxure Power SCADA Operations (formerly PowerSCADA |
| 2018/02/15 | SCADA Expert Vijeo Citect / CitectSCADA, Vijeo Historian / Citect Historian™ ,CitectHistorian, and Citect™ Anywhere | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | Version 7.30, 7.40 of SCADA Expert Vijeo Citect / CitectSCADA™ Version 2015, 2016 of CitectSCADA Version 4.40, 4.50 of Vijeo Historian / Citect Historian™ Version 2016 of CitectHistorian Citect™ Anywhere | Vulnerability within Schneider Electric Floating License Manager |
| 2018/02/08 | StruxureOn Gateway | CVE-2017-9970 | Remote Code Execution | V1.1.3 and prior versions | Security Notification – StruxureOn Gateway |
| 2018/02/08 | IGSS Mobile | CVE-2017-9968, CVE-2017-9969 | Lack of certificate pinning, cleartext storage of password and other sensitive data | Android and iOS, version 3.01 and prior versions | Security Notification – IGSS Mobile |
| 2018/02/06 | Spectre and Meltdown | CVE-2017-5754, CVE-2017-5753, CVE-2017-5715 | side channel attacks | See Security Notification | Security Notification- Spectre and Meltdown |
| 2018/02/06 | IGSS SCADA Software | CVE-2017-9967 | Security Misconfiguration | V12 and all previous versions | Security Notification – IGSS SCADA Software |
See all archived security notifications
Firmware PKI
