Schneider Electric Modicon Controllers Reliance On Untrusted Inputs in a Security Decision (CVE-2018-7850)

A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software. This plugin only works with Tenable.ot. Please visit...

Schneider Electric Modicon Out-of-bounds Read (CVE-2021-22790)

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...

Schneider Electric Modicon NULL Pointer Dereference (CVE-2021-22792)

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU par...

Schneider Electric Modicon Injection (CVE-2020-7475)

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...

CVE-2021-22789

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BM...

CVE-2021-22790

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...

CVE-2021-22792

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU par...

Out-of-bounds

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...

Design/Logic Flaw

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BM...

CVE-2021-22792

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU par...

CVE-2021-22791

A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...

CVE-2021-22790

CVE-2021-22790 is an out-of-bounds read (CWE-125) vulnerability affecting Schneider Electric Modicon/M580/M340/MC80/Momentum Ethernet/Quantum/Premium CPUs and PLC simulators, triggered by a specially crafted project file. Root cause: out-of-bounds read could cause Denial of Service on Modicon PLC...

CVE-2021-22790

A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...

CVE-2021-22782

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22781

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

Schneider Electric EcoStruxure Control Expert 安全漏洞

Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in a number of Schneider Electric EcoStruxure Control Expert products, whi...

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

Schneider Electric Modicon Controllers and Software (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products Vulnerabilities :...

CVE-2020-7560

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert all versions and Unity Pro former name of EcoStruxure™ Control Expert all versions, that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control...