PT-2026-4356

Name of the Vulnerable Software and Affected Versions Schneider Electric EcoStruxure Process Expert versions prior to 2025 Description An incorrect default permissions issue can lead to privilege escalation via a reverse shell. A local user with normal privileges can modify executable service...

CVE-2021-22781

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22789

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BM...

CVE-2021-22782

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

EUVD-2021-9913

Malicious code in bioql PyPI...

EUVD-2021-9932

Malicious code in bioql PyPI...

EUVD-2022-29221

Malicious code in bioql PyPI...

CVE-2022-24323

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product:...

Schneider Electric EcoStruxure Process Expert 安全漏洞

Schneider Electric EcoStruxure Process Expert is a next-generation process automation system for designing, operating, and maintaining entire plants from Schneider Electric, France. A security vulnerability exists in Schneider Electric EcoStruxure Process Expert that stems from the inclusion of a...

PT-2025-6780 · Schneider Electric · Ecostruxure Process Expert

Name of the Vulnerable Software and Affected Versions: EcoStruxure Process Expert version 2020R2 Description: The issue is related to improper privilege management, affecting two services, one of which manages audit trail data and the other acts as a server managing client requests. This could le...

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-2023-6408)

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. This plugin only works with Tenable.ot...

The vulnerability of the programming tools for programmable logic controllers (PLCs), EcoStruxure Control Expert and EcoStruxure Process Expert, arises from insufficient protection of registration data. This allows a malicious individual to gain unauthorized access to the project file.

The vulnerability of the programming tools for programmable logic controllers PLCs, EcoStruxure Control Expert and EcoStruxure Process Expert, is related to insufficient protection of registration data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project...

The vulnerability of the programming tools for PLCs (programmable logic controllers), namely EcoStruxure Control Expert and EcoStruxure Process Expert, arises from the use of strictly encrypted audit data. This vulnerability allows a malicious individual to gain unauthorized access to the project file.

The vulnerability of the programming interfaces for PLCs programmable logic controllers, namely EcoStruxure Control Expert and EcoStruxure Process Expert, lies in the use of strictly encrypted configuration data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to...

PT-2024-1606 · Schneider Electric · M580 Cpu Bmeh +4

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, M580 CPU Safety BMEH58S versions affected versions not specified EcoStruxure Control Expert versions affected versions not specified EcoStruxur...

The vulnerabilities of the microprogramming software for Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58*S, and M580 CPU Safety BMEH58*S, as well as the programming tools EcoStruxure Control Expert and EcoStruxure Process Expert, allow a attacker to execute a “man-in-the-middle” attack.

The vulnerability of microprogrammed logic controllers PLCs from Schneider Electric, such as the Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, and M580 CPU Safety BMEH58S, as well as the PLC programming software EcoStruxure Control Expert and EcoStruxure Process...

The vulnerabilities of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—allow a hacker to trigger malfunctions during maintenance operations.

The vulnerability of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—is related to reading...

The vulnerabilities of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—allow a hacker to trigger malfunctions during maintenance operations.

The vulnerability of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—is related to the...

The vulnerability of the microprogramming software of Modicon PAC controllers and PLCs included in EcoStruxure Control Expert and EcoStruxure Process Expert allows a intruder to trigger maintenance failures.

The vulnerability of the microprogramming software of Modicon PAC controllers and PLCs included in EcoStruxure Control Expert and EcoStruxure Process Expert lies in the storage of data beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to trigger service...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, and the automation system for technological processes, EcoStruxure Process Expert, allows a intruder to gain unauthorized access to SMTP account data.

The vulnerability of the programming software for PLCs programmable logic controllers, as well as the EcoStruxure Process Expert automation system, is related to insufficient protection for registration data. Exploiting this vulnerability could allow attackers to gain unauthorized access to SMTP...