73 matches found
CVE-2020-28212
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...
CVE-2020-28212
CVE-2020-28212 describes an authentication- bypass risk in EcoStruxure Control Expert PLC Simulator (Unity Pro) via brute-forcing Modbus sessions. Root cause: CWE-307 improper restriction of excessive authentication attempts, enabling a remote attacker to gain unauthorized command execution with ...
CVE-2020-28211
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...
Schneider Electric EcoStruxure Control Expert 权限许可和访问控制问题漏洞
Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. An incorrect authorization vulnerability exists in PLC Simulator in Schneider Electric EcoStruxure Control...
Schneider Electric EcoStruxure Control Expert 授权问题漏洞
EcoStruxure Control Expert is the universal programming, debugging and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A security vulnerability exists in PLC Simulator in EcoStruxure Control Expert. The vulnerability can be exploited by an attacker to...
Schneider Electric EcoStruxure Control Expert PLC Denial of Service Vulnerability
Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A denial of service vulnerability exists in EcoStruxure Control Expert's PLC simulator, which originates when a...
Schneider Electric PLC Simulator for EcoStruxure Control Expert
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PLC Simulator for EcoStruxure Control Expert Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this...
Schneider Electric UnityPro PLC simulator remote code execution vulnerability
Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...
CVE-2016-8354
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...
CVE-2016-8354
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...
Code injection
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...
CVE-2016-8354
CVE-2016-8354 affects Schneider Electric Unity PRO (before v11.1). Unity projects can be compiled to x86 instructions and loaded into the Unity PRO PLC Simulator; a specially crafted patched project can redirect control flow and cause the simulator to execute malicious code. Public vulnerability ...
Major Security Vulnerability Found In Schneider Electric ICS Gear
Schneider Electric is grappling with a critical vulnerability found in its flagship industrial controller management software called Unity Pro that allows hackers to remotely execute code on industrial networks. The warning comes from Indegy, an industrial cybersecurity firm. Indegy discovered th...