88 matches found
Design/Logic Flaw
A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert all versions and Unity Pro former name of EcoStruxure™ Control Expert all versions, that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control...
CVE-2020-7560
CVE-2020-7560 affects Schneider Electric EcoStruxure Control Expert (and Unity Pro) across all versions. A CWE-123 Write-what-where flaw in APX/STA file parsing allows crafted APX data to overflow/overwrite heap memory via a manipulated RTE_offset and RTE_length, enabling arbitrary writes through...
CVE-2020-7560
A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert all versions and Unity Pro former name of EcoStruxure™ Control Expert all versions, that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control...
Schneider Electric EcoStruxure Control Expert 输入验证错误漏洞
Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in Schneider Electric EcoStruxure Control Expert that arises from a failure to...
CVE-2020-7559
A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...
CVE-2020-28211
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...
Authorization
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...
Authentication flaw
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...
CVE-2020-7559
Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus processing vulnerability (CVE-2020-7559) is a stack-based buffer overflow in the Modbus message handling path. In the TALOS report, a large Modbus request can be written into a stack buffer of 0x8000 bytes via memcpy without lengt...
CVE-2020-7538
CVE-2020-7538 affects the PLC Simulator for EcoStruxure Control Expert (Unity Pro) across all versions. The flaw is CWE-754: Improper Check for Unusual or Exceptional Conditions, which could crash the PLC simulator when it receives a specially crafted Modbus request. Affected: PLC Simulator for E...
CVE-2020-28212
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...
CVE-2020-28212
CVE-2020-28212 describes an authentication- bypass risk in EcoStruxure Control Expert PLC Simulator (Unity Pro) via brute-forcing Modbus sessions. Root cause: CWE-307 improper restriction of excessive authentication attempts, enabling a remote attacker to gain unauthorized command execution with ...
CVE-2020-28211
CVE-2020-28211 affects Schneider Electric EcoStruxure Control Expert (PLC Simulator) with an Incorrect Authorization weakness (CWE-863) that could allow authentication bypass by overwriting memory via a debugger. Affected software is EcoStruxure Control Expert (Unity Pro) across all versions; the...
CVE-2020-28211
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...
CVE-2020-7475
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...
Design/Logic Flaw
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...
CVE-2020-7475
The CVE-2020-7475 issue affects Schneider Electric control software and PLCs: EcoStruxure Control Expert (Unity Pro) and related tools are vulnerable when running versions prior to 14.1 Hot Fix; Modicon M340 prior to V3.20; Modicon M580 prior to V3.10. The flaw is CWE-74 (Injection) due to improp...
CVE-2020-7475
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', reflective DLL, vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20, Modicon M580 all...
Schneider Electric EcoStruxure Control Expert and Unity Pro License Issue Vulnerability
Schneider Electric EcoStruxure Control Expert formerly Unity Pro and Unity Pro are both products of Schneider Electric, France. Schneider Electric EcoStruxure Control Expert is a suite of programming software for Schneider Electric's logic controller products, while Unity Pro is a general purpose...
CVE-2019-6855
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20 , and Modicon M580 all versions prior to V3.10, which could cause a bypass of the authentication process between...