CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

Authentication flaw

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...

Design/Logic Flaw

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

Design/Logic Flaw

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request...

Buffer overflow

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...

CVE-2020-7559

Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus processing vulnerability (CVE-2020-7559) is a stack-based buffer overflow in the Modbus message handling path. In the TALOS report, a large Modbus request can be written into a stack buffer of 0x8000 bytes via memcpy without lengt...

CVE-2020-7559

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...

CVE-2020-7538

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request...

CVE-2020-7538

CVE-2020-7538 affects the PLC Simulator for EcoStruxure Control Expert (Unity Pro) across all versions. The flaw is CWE-754: Improper Check for Unusual or Exceptional Conditions, which could crash the PLC simulator when it receives a specially crafted Modbus request. Affected: PLC Simulator for E...

CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

CVE-2020-28213

Across multiple sources, CVE-2020-28213 affects Schneider Electric EcoStruxure Control Expert (Unity Pro) PLC Simulator, with the flaw lying in downloading code without integrity checking via Modbus. The vulnerability allows unauthorized command execution on all versions, as reported in CVE recor...

CVE-2020-28212

CVE-2020-28212 describes an authentication- bypass risk in EcoStruxure Control Expert PLC Simulator (Unity Pro) via brute-forcing Modbus sessions. Root cause: CWE-307 improper restriction of excessive authentication attempts, enabling a remote attacker to gain unauthorized command execution with ...

CVE-2020-28212

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...

Schneider Electric EcoStruxure Control Expert 授权问题漏洞

EcoStruxure Control Expert is the universal programming, debugging and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A security vulnerability exists in PLC Simulator in EcoStruxure Control Expert. The vulnerability can be exploited by an attacker to...

Schneider Electric Unity Pro 安全漏洞

Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A command execution vulnerability exists in Schneider Electric EcoStruxure Control Expert. The vulnerability...

PT-2020-6317 · Schneider Electric · Ecostruxure Control Expert

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert all versions Description: The issue is related to the lack of restrictions on authentication attempts, which could allow a remote attacker to bypass the authentication procedure. This vulnerability may lead to...

Schneider Electric EcoStruxure Control Expert Security Vulnerability

Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in EcoStruxure Control Expert that stems from a specially crafted request...

isf

This is a Python-based framework for Industrial Control System ICS exploitation, similar to Metasploit. It's called ICSSploit and is a fork of the routersploit project. The framework is designed to be used for penetration testing and vulnerability assessment of industrial control systems. The...

Schneider Electric EcoStruxure Control Expert PLC Denial of Service Vulnerability

Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A denial of service vulnerability exists in EcoStruxure Control Expert's PLC simulator, which originates when a...

isf1

This is an offensive tool for Industrial Control Systems ICS exploitation. It is a Python-based framework, similar to Metasploit, designed for ICS exploitation. The framework is called ICSSploit and is a fork of the routersploit project. The tool has various modules for different types of ICS...