270 matches found
Schneider Electric EcoStruxure Control Expert 代码问题漏洞
Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A code issue vulnerability exists in Schneider Electric EcoStruxure Control Expert that stems from imprope...
CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...
CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...
PT-2023-1079 · Schneider Electric · Modicon M580 Cpu +7
Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert All Versions EcoStruxure Process Expert All Versions Modicon M340 CPU - part numbers BMXP34 All Versions Modicon M580 CPU - part numbers BMEP and BMEH All Versions Modicon M580 CPU Safety - part numbers BMEP58S and...
PT-2023-1236 · Schneider Electric · Ecostruxure Process Expert +4
Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert versions prior to V2020 EcoStruxure Process Expert versions prior to V2020 Modicon M340 CPU versions prior to the latest version Modicon M580 CPU versions prior to the latest version Modicon M580 CPU Safety versions...
Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80 Vulnerability: Authentication Bypass by...
Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2022-37300)
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
CVE-2022-37302
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...
CVE-2022-37302
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...
Design/Logic Flaw
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...
CVE-2022-37302
CVE-2022-37302 affects Schneider Electric EcoStruxure Control Expert (formerly Unity Pro) and is described as CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. The vulnerability can cause the Control Expert software to crash when opening an incorrect project file, ...
CVE-2022-37302
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...
Schneider Electric EcoStruxure Control Expert 缓冲区错误漏洞
Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A buffer error vulnerability exists in Schneider Electric EcoStruxure Control Expert version V15.1 HF001 a...
CVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
Design/Logic Flaw
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
CVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
CVE-2022-37300
CVE-2022-37300 is a CWE-640 weakness (Weak Password Recovery Mechanism) that could allow unauthorized read/write access to Schneider Electric controllers over Modbus. Affected products and versions include EcoStruxure Control Expert (Unity Pro lineage) up to V15.0 SP1, EcoStruxure Process Expert ...
The vulnerability of the backup function for source files of projects in the target programming system, the EcoStruxure Control Expert programmable logic controllers, allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the backup function for source files in the target programming system, the EcoStruxure Control Expert programmable logic controllers, is related to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code o...
The vulnerability of the PLC programming software EcoStruxure Control Expert, the automation system ProcessExpert, and the configuration software SCADAPack RemoteConnect lies in the insufficient protection of registration data, allowing unauthorized access by attackers to the device.
The vulnerabilities of the PLC programming software EcoStruxure Control Expert, the automation system ProcessExpert, and the configuration software SCADAPack RemoteConnect are related to insufficient protection for registration data. Exploiting these vulnerabilities can allow attackers to gain...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, arises from the execution of operations beyond the buffer boundaries in memory. This vulnerability allows a malicious actor to cause system failures.
The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure...