73 matches found
CVE-2021-22790
CVE-2021-22790 is an out-of-bounds read (CWE-125) vulnerability affecting Schneider Electric Modicon/M580/M340/MC80/Momentum Ethernet/Quantum/Premium CPUs and PLC simulators, triggered by a specially crafted project file. Root cause: out-of-bounds read could cause Denial of Service on Modicon PLC...
CVE-2021-22789
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BM...
Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability
Summary A code execution vulnerability exists in the Modbus message-processing functionality of Schneider Electric EcoStruxure Control Expert PLC Simulator 14.1. A specially crafted network request can lead to remote code execution. An attacker can send a large Modbus request to trigger this...
Schneider Electric EcoStruxure Control Expert Incorrect Authorization Vulnerability
Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. An incorrect authorization vulnerability exists in PLC Simulator in Schneider Electric EcoStruxure Control...
Schneider Electric EcoStruxure Control Expert Command Execution Vulnerability
Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A command execution vulnerability exists in Schneider Electric EcoStruxure Control Expert. The vulnerability...
Unspecified Vulnerability in Schneider Electric EcoStruxure Control Expert
EcoStruxure Control Expert is the universal programming, debugging and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A security vulnerability exists in PLC Simulator in EcoStruxure Control Expert. The vulnerability can be exploited by an attacker to...
CVE-2020-7559
A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...
CVE-2020-28211
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...
CVE-2020-28213
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...
CVE-2020-28212
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...
Design/Logic Flaw
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...
Authentication flaw
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...
Buffer overflow
A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...
Design/Logic Flaw
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request...
CVE-2020-7559
Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus processing vulnerability (CVE-2020-7559) is a stack-based buffer overflow in the Modbus message handling path. In the TALOS report, a large Modbus request can be written into a stack buffer of 0x8000 bytes via memcpy without lengt...
CVE-2020-7559
A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...
CVE-2020-7538
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request...
CVE-2020-7538
CVE-2020-7538 affects the PLC Simulator for EcoStruxure Control Expert (Unity Pro) across all versions. The flaw is CWE-754: Improper Check for Unusual or Exceptional Conditions, which could crash the PLC simulator when it receives a specially crafted Modbus request. Affected: PLC Simulator for E...
CVE-2020-28213
Across multiple sources, CVE-2020-28213 affects Schneider Electric EcoStruxure Control Expert (Unity Pro) PLC Simulator, with the flaw lying in downloading code without integrity checking via Modbus. The vulnerability allows unauthorized command execution on all versions, as reported in CVE recor...
CVE-2020-28213
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...