44 matches found
Wago PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...
Schneider Electric Modicon M221 Programmable Logic Controller Inadequate Encryption Strength (CVE-2020-7565)
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. This plugin on...
The vulnerability of the SoMachine and EcoStruxure Machine Expert programming devices lies in the lack of protection for operational data, which allows attackers to disclose the protected information.
The vulnerability of the SoMachine and EcoStruxure Machine Expert logic controller programs lies in the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to disclose sensitive information by sending certain messages to the server’s TCP port through th...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
Out-of-bounds
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
CVE-2022-2988
The CVE-2022-2988 entry concerns a CWE-787 Out-of-bounds Write vulnerability in Schneider Electric SoMachine HVAC and EcoStruxure Machine Expert – HVAC. Affects SoMachine HVAC prior to V2.1.0 and EcoStruxure Machine Expert – HVAC prior to V1.4.0. Root cause/impact: when a malicious web page is ac...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
Phoenix Contact PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...
Schneider Electric SESU
1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...
CVE-2021-22704
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer all versions prior to V6.2 SP11 , Vijeo Designer Basic all versions prior to V1.2, or EcoStruxure Machine Expert all versions prior to V2.0 that could...
多款 Schneider Electric 产品路径遍历漏洞
Schneider Electric EcoStruxure Machine Expert-Basic and others are products of Schneider Electric, France.Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application. Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application program.Schneide...
CVE-2021-22705
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...
CVE-2021-22705
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...
Design/Logic Flaw
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...
CVE-2021-22705
CVE-2021-22705 describes an Improper Restriction of Operations within the Bounds of a Memory Buffer that could allow denial of service or unauthorized access to system information when interacting with a driver installed by Schneider Electric’s Vijeo Designer or EcoStruxure Machine Expert. The co...
CVE-2021-22705
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...
Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks
Two security vulnerabilities in Schneider Electric’s programmable logic controllers PLCs could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks. PLCs are key pieces of equipment in environments such as electric utilities and factories. They...
Schneider Electric EcoStruxure Machine Expert-Basic or SoMachine Basic Injection Vulnerability
Schneider Electric EcoStruxure Machine Expert-Basic and SoMachine Basic are both products of Schneider Electric, France.Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application. The program is mainly used for programmable logic controller configuration, programming a...