Lucene search
K

270 matches found

CNNVD
CNNVD
added 2023/01/30 12:0 a.m.5 views

Schneider Electric EcoStruxure Control Expert 代码问题漏洞

Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A code issue vulnerability exists in Schneider Electric EcoStruxure Control Expert that stems from imprope...

9.8CVSS8.9AI score0.01163EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/30 12:0 a.m.12 views

CVE-2022-45788

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...

7.5CVSS9.6AI score0.01163EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/30 12:0 a.m.40 views

CVE-2022-45788

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...

7.5CVSS9.7AI score0.01163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.4 views

PT-2023-1079 · Schneider Electric · Modicon M580 Cpu +7

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert All Versions EcoStruxure Process Expert All Versions Modicon M340 CPU - part numbers BMXP34 All Versions Modicon M580 CPU - part numbers BMEP and BMEH All Versions Modicon M580 CPU Safety - part numbers BMEP58S and...

9.8CVSS9.7AI score0.01163EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.4 views

PT-2023-1236 · Schneider Electric · Ecostruxure Process Expert +4

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert versions prior to V2020 EcoStruxure Process Expert versions prior to V2020 Modicon M340 CPU versions prior to the latest version Modicon M580 CPU versions prior to the latest version Modicon M580 CPU Safety versions...

9.8CVSS9.3AI score0.01443EPSS
Exploits0References10
ICS
ICS
added 2023/01/10 12:0 a.m.73 views

Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80 Vulnerability: Authentication Bypass by...

9.8CVSS7.5AI score0.01443EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2022/09/15 12:0 a.m.35 views

Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2022-37300)

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

9.8CVSS8.3AI score0.00659EPSS
Exploits0References2
OSV
OSV
added 2022/09/13 10:15 a.m.5 views

CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

5.5CVSS5.8AI score0.00189EPSS
Exploits0References1
NVD
NVD
added 2022/09/13 10:15 a.m.27 views

CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

5.5CVSS0.00189EPSS
Exploits0References1
Prion
Prion
added 2022/09/13 10:15 a.m.21 views

Design/Logic Flaw

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

1.9CVSS5.6AI score0.00189EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/13 9:35 a.m.76 views

CVE-2022-37302

CVE-2022-37302 affects Schneider Electric EcoStruxure Control Expert (formerly Unity Pro) and is described as CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer. The vulnerability can cause the Control Expert software to crash when opening an incorrect project file, ...

5.5CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/13 9:35 a.m.28 views

CVE-2022-37302

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control ExpertV15.1 HF001 and prior...

5.5CVSS5.8AI score0.00189EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.5 views

Schneider Electric EcoStruxure Control Expert 缓冲区错误漏洞

Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A buffer error vulnerability exists in Schneider Electric EcoStruxure Control Expert version V15.1 HF001 a...

5.5CVSS6AI score0.00189EPSS
Exploits0References2
OSV
OSV
added 2022/09/12 6:15 p.m.3 views

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

9.8CVSS5.8AI score0.00659EPSS
Exploits0References1
Prion
Prion
added 2022/09/12 6:15 p.m.21 views

Design/Logic Flaw

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

7.5CVSS9.1AI score0.00659EPSS
Exploits0References1Affected Software36
Cvelist
Cvelist
added 2022/09/12 5:40 p.m.42 views

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

9.8CVSS9.5AI score0.00659EPSS
Exploits0References1
CVE
CVE
added 2022/09/12 5:40 p.m.80 views

CVE-2022-37300

CVE-2022-37300 is a CWE-640 weakness (Weak Password Recovery Mechanism) that could allow unauthorized read/write access to Schneider Electric controllers over Modbus. Affected products and versions include EcoStruxure Control Expert (Unity Pro lineage) up to V15.0 SP1, EcoStruxure Process Expert ...

9.8CVSS9.1AI score0.00659EPSS
Exploits0References1Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.8 views

The vulnerability of the backup function for source files of projects in the target programming system, the EcoStruxure Control Expert programmable logic controllers, allows a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of the backup function for source files in the target programming system, the EcoStruxure Control Expert programmable logic controllers, is related to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code o...

10CVSS8.2AI score0.00648EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/16 12:0 a.m.5 views

The vulnerability of the PLC programming software EcoStruxure Control Expert, the automation system ProcessExpert, and the configuration software SCADAPack RemoteConnect lies in the insufficient protection of registration data, allowing unauthorized access by attackers to the device.

The vulnerabilities of the PLC programming software EcoStruxure Control Expert, the automation system ProcessExpert, and the configuration software SCADAPack RemoteConnect are related to insufficient protection for registration data. Exploiting these vulnerabilities can allow attackers to gain...

7.1CVSS7.1AI score0.00217EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/15 12:0 a.m.6 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, arises from the execution of operations beyond the buffer boundaries in memory. This vulnerability allows a malicious actor to cause system failures.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

7.8CVSS6.3AI score0.00189EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder