31 matches found
CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...
CVE-2026-6332
CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...
Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞
Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...
CVE-2021-22705
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...
EUVD-2020-28614
Malware in sbrugna...
EUVD-2022-35208
Malicious code in bioql PyPI...
EUVD-2021-9840
Malicious code in bioql PyPI...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
CVE-2021-22704
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer all versions prior to V6.2 SP11 , Vijeo Designer Basic all versions prior to V1.2, or EcoStruxure Machine Expert all versions prior to V2.0 that could...
CVE-2020-7489
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software versions in security notification. The result of this vulnerability, DLL substitution, coul...
Schneider Electric Modicon M221 Programmable Logic Controller Inadequate Encryption Strength (CVE-2020-7565)
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. This plugin on...
Wago PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
Out-of-bounds
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
CVE-2022-2988
The CVE-2022-2988 entry concerns a CWE-787 Out-of-bounds Write vulnerability in Schneider Electric SoMachine HVAC and EcoStruxure Machine Expert – HVAC. Affects SoMachine HVAC prior to V2.1.0 and EcoStruxure Machine Expert – HVAC prior to V1.4.0. Root cause/impact: when a malicious web page is ac...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
Phoenix Contact PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...
CVE-2021-22704
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer all versions prior to V6.2 SP11 , Vijeo Designer Basic all versions prior to V1.2, or EcoStruxure Machine Expert all versions prior to V2.0 that could...