CVE-2021-22781

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22782

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

EUVD-2021-9913

Malicious code in bioql PyPI...

EUVD-2021-9932

Malicious code in bioql PyPI...

CVE-2021-22780

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

The vulnerability of the SCADAPack RemoteConnect configuration tool lies in its deserialization mechanism’s flaws, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SCADAPack RemoteConnect configuration tool is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information by loading a malicious...

Schneider Electric RemoteConnect and SCADAPack 代码问题漏洞

Schneider Electric RemoteConnect and SCADAPack is a single software tool from Schneider Electric, France, for users to monitor, configure, program, and debug SCADAPack Smart RTUs. A code issue vulnerability exists in Schneider Electric RemoteConnect and SCADAPack that stems from the inclusion of ...

The vulnerability of the PLC programming software EcoStruxure Control Expert, the automation system ProcessExpert, and the configuration software SCADAPack RemoteConnect lies in the insufficient protection of registration data, allowing unauthorized access by attackers to the device.

The vulnerabilities of the PLC programming software EcoStruxure Control Expert, the automation system ProcessExpert, and the configuration software SCADAPack RemoteConnect are related to insufficient protection for registration data. Exploiting these vulnerabilities can allow attackers to gain...

The vulnerabilities of the programming software for PLCs (programmable logic controllers), the configuration software SCADAPack RemoteConnect, and the automation system for technological processes EcoStruxure Process Expert allow a intruder to gain unauthorized access to project files.

The vulnerabilities of the programming software for PLCs programmable logic controllers, the configuration software SCADAPack RemoteConnect, and the automation system for technological processes EcoStruxure Process Expert are related to insufficient protection of registration data. Exploiting the...

The vulnerability of the PLC programming software EcoStruxure Control Expert, the automation system ProcessExpert, and the configuration software SCADAPack RemoteConnect lies in the insufficient protection of registration data, allowing unauthorized access by attackers to the device.

The vulnerabilities of the PLC programming software EcoStruxure Control Expert, the automation system ProcessExpert, and the configuration software SCADAPack RemoteConnect are related to insufficient protection for registration data. Exploiting these vulnerabilities can allow attackers to gain...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, and the configuration software SCADAPack RemoteConnect, along with the automation system EcoStruxure Process Expert, is related to writing data beyond the buffer boundaries in memory. This allows a intruder to execute arbitrary code.

The vulnerabilities of the programming software for PLCs programmable logic controllers, the configuration software SCADAPack RemoteConnect, and the automation system for technological processes EcoStruxure Process Expert are related to writing beyond the buffer boundaries in memory. Exploiting...

The vulnerability of the programming software simulator PLC EcoStruxure Control Expert, the automation system ProcessExpert, the configuration software SCADAPack RemoteConnect, and the micro-software for programmable logic controllers Modicon M580 and Modicon M340 relates to the bypassing of authentication procedures. This allows a perpetrator to gain access in read-only and write mode.

The vulnerabilities of the EcoStruxure Control Expert programming tool, the ProcessExpert automation system, the SCADAPack RemoteConnect configuration tool, and the Modicon M580 and Modicon M340 programmable logic controllers are related to the ability to bypass authentication through spoofing...

AT&T Labs Xmill 缓冲区错误漏洞

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs. A buffer error vulnerability exists in AT&T Labs' Compressor XMilI and decompressor XDemill, which could be exploited by an attacker to cause code execution with elevated privileges on an engineering workstation. T...

PT-2022-3587 · Schneider Electric · Ecostruxure Process Expert +2

Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert affected versions not specified EcoStruxure Process Expert affected versions not specified SCADAPack RemoteConnect affected versions not specified Description: The issue is related to a buffer overflow in memory,...

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

Path traversal

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

CVE-2021-22797

CVE-2021-22797 is a CWE-22 path traversal vulnerability in Schneider Electric EcoStruxure Control Expert (incl. Unity Pro), EcoStruxure Process Expert, and SCADAPack RemoteConnect for x70. The root cause is improper validation of a user-supplied path when loading a malicious project file, which c...

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

Schneider Electric Modicon Controllers and Software Authentication Bypass By Spoofing (CVE-2021-22779)

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...