4 matches found
CVE-2020-28212
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...
CVE-2020-28212
creationtimestamp| type| source ---|---|--- 2022-09-29 14:00:07+00:00| seen| https://t.me/truesecator/3489...
The secrets of Schneider Electric’s UMAS protocol
UMAS Unified Messaging Application Services is a proprietary Schneider Electric SE protocol used to configure and monitor Schneider Electric PLCs. Schneider Electric controllers that use UMAS include Modicon M580 CPU part numbers BMEP and BMEH and Modicon M340 CPU part numbers BMXP34. Controllers...
CVE-2020-28212
CVE-2020-28212 describes an authentication- bypass risk in EcoStruxure Control Expert PLC Simulator (Unity Pro) via brute-forcing Modbus sessions. Root cause: CWE-307 improper restriction of excessive authentication attempts, enabling a remote attacker to gain unauthorized command execution with ...