Filtered by vendor Schneider-electric
Subscriptions
Filtered by product Ecostruxure Control Expert
Subscriptions
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7475 | 1 Schneider-electric | 6 Ecostruxure Control Expert, Modicon M340, Modicon M340 Firmware and 3 more | 2024-11-21 | 9.8 Critical |
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. | ||||
CVE-2020-28213 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | 8.8 High |
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. | ||||
CVE-2020-28212 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | 9.8 Critical |
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. | ||||
CVE-2020-28211 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | 7.8 High |
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. | ||||
CVE-2019-6855 | 1 Schneider-electric | 44 Ecostruxure Control Expert, Modicon M340 Bmxp341000, Modicon M340 Bmxp341000 Firmware and 41 more | 2024-11-21 | 7.3 High |
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. |