
99 matches found

CVE
added 2023/01/30 12:0 a.m. · 82 views

CVE-2022-45788

Schneider Electric’s CVE-2022-45788 affects EcoStruxure Control Expert, EcoStruxure Process Expert, and multiple Modicon CPU families (M340 BMXP34*, M580 BMEP*/BMEH*, M580 Safety BMEP58*/BMEH58*, Momentum Unity 171CBU*, MC80 BMKC80, Legacy Quantum 140CPU65* and Premium TSXP57*; all versions prior...

CVSS 9.8 · AI score 9.5 · EPSS 0.01163
Exploits: 0 · References: 1 · Affected Software: 2
Positive Technologies
added 2023/01/10 12:0 a.m. · 3 views

PT-2023-1079 · Schneider Electric · Modicon M580 Cpu +7

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert All Versions; EcoStruxure Process Expert All Versions; Modicon M340 CPU - part numbers BMXP34 All Versions; Modicon M580 CPU - part numbers BMEP and BMEH All Versions; Modicon M580 CPU Safety - part numbers BMEP58S and...

CVSS 9.8 · AI score 9.7 · EPSS 0.01163
Exploits: 0 · References: 10
Positive Technologies
added 2023/01/10 12:0 a.m. · 3 views

PT-2023-1236 · Schneider Electric · Ecostruxure Process Expert +4

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert versions prior to V2020; EcoStruxure Process Expert versions prior to V2020; Modicon M340 CPU versions prior to the latest version; Modicon M580 CPU versions prior to the latest version; Modicon M580 CPU Safety versions...

CVSS 9.8 · AI score 9.3 · EPSS 0.01443
Exploits: 0 · References: 10
ICS
added 2023/01/10 12:0 a.m. · 71 views

Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU (Update A)

1. EXECUTIVE SUMMARY: CVSS v3 8.1; ATTENTION: Exploitable remotely; Vendor: Schneider Electric; Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80; Vulnerability: Authentication Bypass by...

CVSS 9.8 · AI score 7.5 · EPSS 0.01443
Exploits: 0 · References: 11
Tenable Nessus
added 2022/09/15 12:0 a.m. · 35 views

Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2022-37300)

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

CVSS 9.8 · AI score 8.3 · EPSS 0.00659
Exploits: 0 · References: 2
OSV
added 2022/09/12 6:15 p.m. · 2 views

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

CVSS 9.8 · AI score 5.8 · EPSS 0.00659
Exploits: 0 · References: 1
ATTACKERKB
added 2022/09/12 6:15 p.m. · 5 views

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

CVSS 9.8 · AI score 5.8 · EPSS 0.00659
Exploits: 0 · References: 2
Prion
added 2022/09/12 6:15 p.m. · 21 views

Design/Logic Flaw

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

CVSS 7.5 · AI score 9.1 · EPSS 0.00659
Exploits: 0 · References: 1 · Affected Software: 36
CVE
added 2022/09/12 5:40 p.m. · 78 views

CVE-2022-37300

CVE-2022-37300 is a CWE-640 weakness (Weak Password Recovery Mechanism) that could allow unauthorized read/write access to Schneider Electric controllers over Modbus. Affected products and versions include EcoStruxure Control Expert (Unity Pro lineage) up to V15.0 SP1, EcoStruxure Process Expert ...

CVSS 9.8 · AI score 9.1 · EPSS 0.00659
Exploits: 0 · References: 1 · Affected Software: 2
Cvelist
added 2022/09/12 5:40 p.m. · 32 views

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...

CVSS 9.8 · AI score 9.5 · EPSS 0.00659
Exploits: 0 · References: 1
BDU FSTEC
added 2022/08/12 12:0 a.m. · 3 views

The vulnerability of the programming software for PLCs (programmable logic controllers), EcoStruxure Control Expert, and the automation systems for technological processes, EcoStruxure Process Expert. This vulnerability relates to the lack of a password recovery mechanism, allowing attackers to gain read/write access via the Modbus protocol.

The vulnerabilities of the programming software for PLCs (programmable logic controllers), the EcoStruxure Control Expert system for automating technological processes, and the micro-programming software for programmable logic controllers, such as Schneider Electric Modicon M340 and M580, are related...

CVSS 10 · AI score 7.8 · EPSS 0.00659
Exploits: 0 · References: 2 · Affected Software: 2
BDU FSTEC
added 2022/07/13 12:0 a.m. · 4 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, and the configuration software SCADAPack RemoteConnect, along with the automation system EcoStruxure Process Expert, is related to writing data beyond the buffer boundaries in memory. This allows an intruder to execute arbitrary code.

The vulnerabilities of the programming software for PLCs (programmable logic controllers), the configuration software SCADAPack RemoteConnect, and the automation system for technological processes EcoStruxure Process Expert are related to writing beyond the buffer boundaries in memory. Exploiting...

CVSS 10 · AI score 8.2 · EPSS 0.02212
Exploits: 0 · References: 3
CNNVD
added 2022/04/14 12:0 a.m. · 4 views

AT&T Labs Xmill Buffer Error Vulnerability

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs. A buffer error vulnerability exists in AT&T Labs' compressor XMill and decompressor XDemill, which could be exploited by an attacker to cause code execution with elevated privileges on an engineering workstation. T...

CVSS 9.8 · AI score 8.4 · EPSS 0.02212
Exploits: 0 · References: 5
Positive Technologies
added 2022/04/14 12:0 a.m. · 4 views

PT-2022-3587 · Schneider Electric · Ecostruxure Process Expert +2

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert affected versions not specified; EcoStruxure Process Expert affected versions not specified; SCADAPack RemoteConnect affected versions not specified. Description: The issue is related to a buffer overflow in memory,...

CVSS 10 · AI score 8.6 · EPSS 0.02212
Exploits: 0 · References: 7
NVD
added 2022/04/13 4:15 p.m. · 52 views

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

CVSS 9.3 · EPSS 0.261
Exploits: 0 · References: 1
Prion
added 2022/04/13 4:15 p.m. · 18 views

Path traversal

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

CVSS 9.3 · AI score 7.7 · EPSS 0.261
Exploits: 0 · References: 1 · Affected Software: 2
CVE
added 2022/03/28 4:25 p.m. · 78 views

CVE-2021-22797

CVE-2021-22797 is a CWE-22 path traversal vulnerability in Schneider Electric EcoStruxure Control Expert (incl. Unity Pro), EcoStruxure Process Expert, and SCADAPack RemoteConnect for x70. The root cause is improper validation of a user-supplied path when loading a malicious project file, which c...

CVSS 9.3 · AI score 7.7 · EPSS 0.261
Exploits: 0 · References: 1 · Affected Software: 2
Cvelist
added 2022/03/28 4:25 p.m. · 48 views

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

CVSS 7.8 · AI score 8 · EPSS 0.261
Exploits: 0 · References: 1
OSV
added 2022/03/09 11:15 p.m. · 4 views

CVE-2022-24323

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product:...

CVSS 5.9 · AI score 6.2 · EPSS 0.00847
Exploits: 0 · References: 1
ATTACKERKB
added 2022/03/09 11:15 p.m. · 2 views

CVE-2022-24323

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product:...

CVSS 5.9 · AI score 6.3 · EPSS 0.00847
Exploits: 0 · References: 2 · Affected Software: 1