88 matches found
CVE-2019-6855
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20 , and Modicon M580 all versions prior to V3.10, which could cause a bypass of the authentication process between...
Authorization
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20 , and Modicon M580 all versions prior to V3.10, which could cause a bypass of the authentication process between...
CVE-2019-6855
CVE-2019-6855 affects Schneider Electric EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) and Modicon M580 (all versions prior to V3.10). The vulnerability is an Incorrect Authorization issue that could cause a b...
CVE-2019-6855
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert all versions prior to 14.1 Hot Fix, Unity Pro all versions, Modicon M340 all versions prior to V3.20 , and Modicon M580 all versions prior to V3.10, which could cause a bypass of the authentication process between...
Authentication Bypass Vulnerability in Unity Pro XL
Unity Pro XL is a PLC programming software from Schneider Electric. An authentication bypass vulnerability exists in Unity Pro XL, which can be exploited by an unauthorized attacker to gain access to the PLC...
CVE-2018-7850
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software...
Design/Logic Flaw
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software...
CVE-2018-7850
CVE-2018-7850 affects Schneider Electric Modicon controllers (M580, M340, Quantum, Premium) and relates to CWE-807 (Reliance on Untrusted Inputs in a Security Decision). The vulnerability could cause invalid information displayed in Unity Pro software due to a trust boundary issue in input handli...
CVE-2018-7850
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software...
CVE-2016-8354
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...
Code injection
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...
CVE-2016-8354
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...
CVE-2016-8354
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...
CVE-2016-8354
CVE-2016-8354 affects Schneider Electric Unity PRO (before v11.1). Unity projects can be compiled to x86 instructions and loaded into the Unity PRO PLC Simulator; a specially crafted patched project can redirect control flow and cause the simulator to execute malicious code. Public vulnerability ...
CVE-2016-8354
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...
Schneider Electric Unity Pro Remote Code Execution Vulnerability
Schneider Electric Unity Pro is a suite of development software for testing, debugging and managing applications from the French company Schneider Electric. A remote code execution vulnerability exists in versions of Schneider Electric Unity Pro prior to V11.1. A remote attacker can exploit the...
Mitigations Available for PanelShock Vulnerabilities in Schneider HMIs
One week after addressing a critical vulnerability in its industrial controller management software, Schneider Electric is in the midst of handling two more serious flaws in a number of its Magelis HMI products. HMI is short for human machine interface, a graphical visualization of an industrial...
Schneider Electric Unity PRO Remote Code Execution Vulnerability
Unity Pro is the universal IEC61131-3 programming, debugging and runtime software package for Premium, Atrium and Quantum PLCs. A remote code execution vulnerability exists in Schneider Electric Unity PRO in an insecure file download, which can be exploited by a remote attacker to execute arbitra...
Major Security Vulnerability Found In Schneider Electric ICS Gear
Schneider Electric is grappling with a critical vulnerability found in its flagship industrial controller management software called Unity Pro that allows hackers to remotely execute code on industrial networks. The warning comes from Indegy, an industrial cybersecurity firm. Indegy discovered th...
Schneider Electric Unity PRO Control Flow Management Vulnerability
OVERVIEW Avihay Kain and Mille Gandelsman of Indegy have identified a vulnerability in Schneider Electric Unity PRO Software product. Schneider Electric has released a security notification with instructions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED...