Lucene search
K

829 matches found

CVE
CVE
added 2026/05/14 4:54 p.m.11 views

CVE-2026-6332

CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...

7.5CVSS5.8AI score0.00012EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/14 4:54 p.m.27 views

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

6.8CVSS0.00012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 4:54 p.m.6 views

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

6.8CVSS5.8AI score0.00012EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.6 views

Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞

Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...

7.5CVSS5.8AI score0.00012EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 1:59 p.m.24 views

CVE-2026-6866

CVE-2026-6866 affects EcoStruxure Panel Server and describes a CWE-1188 vulnerability where initialization of a resource with an insecure default could enable unauthorized authentication when credentials revert to initial settings. The threat scenario implies potential unauthorized disclosure of ...

8.2CVSS5.8AI score0.00062EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 1:59 p.m.7 views

CVE-2026-6866 Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS5.8AI score0.00062EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 1:59 p.m.24 views

CVE-2026-6866 Initialization of a Resource with an Insecure Default vulnerability on EcoStruxure™ Panel Server

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS0.00062EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.4 views

Schneider Electric EcoStruxure Panel Server 安全漏洞

Schneider Electric EcoStruxure Panel Server is an IoT gateway developed by Schneider Electric of France, used for data collection and uploading. Schneider Electric EcoStruxure Panel Server has a security vulnerability that stems from the use of insecure default values during resource...

8.2CVSS5.8AI score0.00062EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.5 views

Schneider Electric多款产品 安全特征问题漏洞

Schneider Electric Easergy MiCOM Px40 Series are products of Schneider Electric, a French company. The Schneider Electric Easergy MiCOM Px40 Series consists of a series of power protection and control relay devices. The Schneider Electric Easergy MiCOM C264 is an industrial communication gateway...

8.7CVSS5.8AI score0.00066EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/17 12:0 a.m.2 views

Schneider Electric EcoStruxure Foxboro DCS Code Issue Vulnerability

The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric EcoStruxure Foxboro DCS, which can be exploited by an attacker to cause compromise of...

7CVSS5.9AI score0.00601EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.3 views

EcoStruxure IT Data Center Expert <= 9.0 Use of Hard-coded Credentials (SEVD-2026-069-05)

The version of EcoStruxure IT Data Center Expert installed on the remote host is 9.0 or prior. It is, therefore, affected by a vulnerability as referenced in the SEVD-2026-069-05 advisory. - Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code...

7.5CVSS6.3AI score0.00506EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.3 views

Schneider Electric EcoStruxure Automation Expert 代码注入漏洞

Schneider Electric EcoStruxure Automation Expert is a software platform for industrial automation systems from the French company Schneider Electric Schneider Electric. A code injection vulnerability exists in Schneider Electric EcoStruxure Automation Expert, which can be exploited by an attacker...

7.2CVSS5.9AI score0.00034EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.3 views

Schneider Electric EcoStruxure Foxboro DCS 代码问题漏洞

The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric EcoStruxure Foxboro DCS, which can be exploited by an attacker to cause compromise of...

7CVSS6.1AI score0.00601EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.4 views

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

7.8CVSS6.1AI score0.00044EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.3 views

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

7.8CVSS6.1AI score0.00044EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.4 views

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

7.8CVSS6.1AI score0.00044EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.5 views

Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

7.8CVSS6.1AI score0.00044EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.5 views

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

7.8CVSS6.1AI score0.00044EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/02/12 12:0 a.m.3 views

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

7.8CVSS6.1AI score0.00044EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.5 views

PT-2026-4356

Name of the Vulnerable Software and Affected Versions Schneider Electric EcoStruxure Process Expert versions prior to 2025 Description An incorrect default permissions issue can lead to privilege escalation via a reverse shell. A local user with normal privileges can modify executable service...

7CVSS5.9AI score0.00021EPSS
Exploits0References2
Rows per page
Query Builder