33 matches found
CVE-2024-10083
CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input...
PT-2025-6780 · Schneider Electric · Ecostruxure Process Expert
Name of the Vulnerable Software and Affected Versions: EcoStruxure Process Expert version 2020R2 Description: The issue is related to improper privilege management, affecting two services, one of which manages audit trail data and the other acts as a server managing client requests. This could le...
CVE-2024-8935
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...
CVE-2024-8935
CVE-2024-8935 affects Schneider Electric Modicon M340, MC80, and Momentum Unity M1E. The issue is an Authentication Bypass by Spoofing enabling a Man-In-The-Middle attack during a controller–engineering workstation session, due to DH-based vulnerability that does not protect against MITM. Consequ...
CVE-2024-8935
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a...
AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1936 AutomationDirect P3-550E Programming Software Connection FiBurn heap-based buffer overflow vulnerability May 28, 2024 CVE Number CVE-2024-24851 SUMMARY A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn...
CVE-2023-27975
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...
Design/Logic Flaw
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...
PT-2024-2809 · Schneider Electric · Ecostruxure Process Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert affected versions not specified EcoStruxure Process Expert affected versions not specified Description: A vulnerability exists that could cause unauthorized access to the project file when a local user tampers with...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2021-22797
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...
CVE-2020-7520
A CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Schneider Electric Software Update SESU, V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on...
Open redirect
A CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Schneider Electric Software Update SESU, V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on...