Lucene search
+L

73 matches found

CVE
CVE
added 2021/09/02 4:52 p.m.56 views

CVE-2021-22790

CVE-2021-22790 is an out-of-bounds read (CWE-125) vulnerability affecting Schneider Electric Modicon/M580/M340/MC80/Momentum Ethernet/Quantum/Premium CPUs and PLC simulators, triggered by a specially crafted project file. Root cause: out-of-bounds read could cause Denial of Service on Modicon PLC...

6.5CVSS6.4AI score0.00832EPSS
Exploits0References2Affected Software49
Cvelist
Cvelist
added 2021/09/02 4:52 p.m.38 views

CVE-2021-22789

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BM...

6.6AI score0.00832EPSS
Exploits0References1
Talos
Talos
added 2020/12/08 12:0 a.m.246 views

Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus message processing remote code execution vulnerability

Summary A code execution vulnerability exists in the Modbus message-processing functionality of Schneider Electric EcoStruxure Control Expert PLC Simulator 14.1. A specially crafted network request can lead to remote code execution. An attacker can send a large Modbus request to trigger this...

7.5CVSS8.1AI score0.01882EPSS
Exploits1
CNVD
CNVD
added 2020/11/20 12:0 a.m.5 views

Schneider Electric EcoStruxure Control Expert Incorrect Authorization Vulnerability

Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. An incorrect authorization vulnerability exists in PLC Simulator in Schneider Electric EcoStruxure Control...

7.8CVSS7.1AI score0.00323EPSS
Exploits0References1
CNVD
CNVD
added 2020/11/20 12:0 a.m.10 views

Schneider Electric EcoStruxure Control Expert Command Execution Vulnerability

Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A command execution vulnerability exists in Schneider Electric EcoStruxure Control Expert. The vulnerability...

8.8CVSS7.3AI score0.01129EPSS
Exploits0References1
CNVD
CNVD
added 2020/11/20 12:0 a.m.24 views

Unspecified Vulnerability in Schneider Electric EcoStruxure Control Expert

EcoStruxure Control Expert is the universal programming, debugging and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A security vulnerability exists in PLC Simulator in EcoStruxure Control Expert. The vulnerability can be exploited by an attacker to...

9.8CVSS7.2AI score0.02642EPSS
Exploits0References1
NVD
NVD
added 2020/11/19 10:15 p.m.33 views

CVE-2020-7559

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...

7.5CVSS7.5AI score0.01882EPSS
Exploits1References2
NVD
NVD
added 2020/11/19 10:15 p.m.17 views

CVE-2020-28211

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...

7.8CVSS7.8AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2020/11/19 10:15 p.m.32 views

CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

8.8CVSS8.9AI score0.01129EPSS
Exploits0References1
NVD
NVD
added 2020/11/19 10:15 p.m.20 views

CVE-2020-28212

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...

9.8CVSS9.6AI score0.02642EPSS
Exploits0References1
Prion
Prion
added 2020/11/19 10:15 p.m.22 views

Design/Logic Flaw

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

6.5CVSS8.8AI score0.01129EPSS
Exploits0References1
Prion
Prion
added 2020/11/19 10:15 p.m.21 views

Authentication flaw

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...

7.5CVSS9.4AI score0.02642EPSS
Exploits0References1
Prion
Prion
added 2020/11/19 10:15 p.m.29 views

Buffer overflow

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...

5CVSS7.4AI score0.01882EPSS
Exploits1References2
Prion
Prion
added 2020/11/19 10:15 p.m.19 views

Design/Logic Flaw

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request...

5CVSS7.5AI score0.01272EPSS
Exploits0References1
CVE
CVE
added 2020/11/19 9:4 p.m.75 views

CVE-2020-7559

Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus processing vulnerability (CVE-2020-7559) is a stack-based buffer overflow in the Modbus message handling path. In the TALOS report, a large Modbus request can be written into a stack buffer of 0x8000 bytes via memcpy without lengt...

7.5CVSS7.4AI score0.01882EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/11/19 9:4 p.m.42 views

CVE-2020-7559

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...

7.5AI score0.01882EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/11/19 9:4 p.m.34 views

CVE-2020-7538

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request...

7.5AI score0.01272EPSS
Exploits0References1
CVE
CVE
added 2020/11/19 9:4 p.m.61 views

CVE-2020-7538

CVE-2020-7538 affects the PLC Simulator for EcoStruxure Control Expert (Unity Pro) across all versions. The flaw is CWE-754: Improper Check for Unusual or Exceptional Conditions, which could crash the PLC simulator when it receives a specially crafted Modbus request. Affected: PLC Simulator for E...

7.5CVSS7.5AI score0.01272EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/19 9:3 p.m.58 views

CVE-2020-28213

Across multiple sources, CVE-2020-28213 affects Schneider Electric EcoStruxure Control Expert (Unity Pro) PLC Simulator, with the flaw lying in downloading code without integrity checking via Modbus. The vulnerability allows unauthorized command execution on all versions, as reported in CVE recor...

8.8CVSS8.8AI score0.01129EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/19 9:3 p.m.41 views

CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

8.9AI score0.01129EPSS
Exploits0References1
Rows per page
Query Builder