Lucene search
K

73 matches found

Cvelist
Cvelist
added 2020/11/19 9:3 p.m.26 views

CVE-2020-28212

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...

9.6AI score0.02642EPSS
Exploits0References1
CVE
CVE
added 2020/11/19 9:3 p.m.63 views

CVE-2020-28212

CVE-2020-28212 describes an authentication- bypass risk in EcoStruxure Control Expert PLC Simulator (Unity Pro) via brute-forcing Modbus sessions. Root cause: CWE-307 improper restriction of excessive authentication attempts, enabling a remote attacker to gain unauthorized command execution with ...

9.8CVSS9.5AI score0.02642EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/19 9:3 p.m.18 views

CVE-2020-28211

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...

7.8AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/19 12:0 a.m.8 views

Schneider Electric EcoStruxure Control Expert 权限许可和访问控制问题漏洞

Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. An incorrect authorization vulnerability exists in PLC Simulator in Schneider Electric EcoStruxure Control...

7.8CVSS7.2AI score0.00323EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/11/19 12:0 a.m.11 views

Schneider Electric EcoStruxure Control Expert 授权问题漏洞

EcoStruxure Control Expert is the universal programming, debugging and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A security vulnerability exists in PLC Simulator in EcoStruxure Control Expert. The vulnerability can be exploited by an attacker to...

9.8CVSS7.3AI score0.02642EPSS
Exploits0References2
CNVD
CNVD
added 2020/11/12 12:0 a.m.5 views

Schneider Electric EcoStruxure Control Expert PLC Denial of Service Vulnerability

Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A denial of service vulnerability exists in EcoStruxure Control Expert's PLC simulator, which originates when a...

7.5CVSS6.7AI score0.01272EPSS
Exploits0References1
ICS
ICS
added 2020/11/10 12:0 a.m.70 views

Schneider Electric PLC Simulator for EcoStruxure Control Expert

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PLC Simulator for EcoStruxure Control Expert Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this...

7.5CVSS7.8AI score0.01272EPSS
Exploits0References5
Talos
Talos
added 2019/06/10 12:0 a.m.219 views

Schneider Electric UnityPro PLC simulator remote code execution vulnerability

Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...

9.8CVSS9.9AI score0.08161EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2017/02/13 9:59 p.m.6 views

CVE-2016-8354

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...

7CVSS5.7AI score0.01103EPSS
Exploits0References3
NVD
NVD
added 2017/02/13 9:59 p.m.29 views

CVE-2016-8354

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...

7CVSS7AI score0.01103EPSS
Exploits0References2
Prion
Prion
added 2017/02/13 9:59 p.m.20 views

Code injection

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...

5.1CVSS7.4AI score0.01103EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/02/13 9:0 p.m.59 views

CVE-2016-8354

CVE-2016-8354 affects Schneider Electric Unity PRO (before v11.1). Unity projects can be compiled to x86 instructions and loaded into the Unity PRO PLC Simulator; a specially crafted patched project can redirect control flow and cause the simulator to execute malicious code. Public vulnerability ...

7CVSS6.9AI score0.01103EPSS
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2016/10/26 7:0 a.m.9 views

Major Security Vulnerability Found In Schneider Electric ICS Gear

Schneider Electric is grappling with a critical vulnerability found in its flagship industrial controller management software called Unity Pro that allows hackers to remotely execute code on industrial networks. The warning comes from Indegy, an industrial cybersecurity firm. Indegy discovered th...

1.5AI score
Exploits0References7
Rows per page
Query Builder