Ecostruxure Control Expert

ecostruxure_control_expert

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7538 1Schneider Electric 1Ecostruxure Control Expert Nov 21, 2024 Nov 19, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in...Show more A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.Show less
CVE-2020-28213 1Schneider Electric 1Ecostruxure Control Expert Nov 21, 2024 Nov 19, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending special...Show more A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.Show less
CVE-2020-28212 1Schneider Electric 1Ecostruxure Control Expert Nov 21, 2024 Nov 19, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution whe...Show more A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.Show less
CVE-2020-28211 1Schneider Electric 1Ecostruxure Control Expert Nov 21, 2024 Nov 19, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.
CVE-2020-7475 1Schneider Electric 4Ecostruxure Control Expert Modicon M340 FirmwareModicon M580 Firmware+1 more Nov 21, 2024 Mar 23, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity...Show more A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.Show less
CVE-2019-6855 1Schneider Electric 23Ecostruxure Control Expert Modicon M340 Bmxp341000 FirmwareModicon M340 Bmxp342000 Firmware+20 more Nov 21, 2024 Jan 6, 2020 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior...Show more Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.Show less

Previous 12