55 matches found
CVE-2026-6332
CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...
CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...
Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞
Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...
CVE-2021-22705
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly with a driver installed by Vijeo Designer or EcoStruxure Machine Expert...
CVE-2020-7566
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
EUVD-2020-28614
Malware in sbrugna...
EUVD-2020-28691
Malware in sbrugna...
EUVD-2020-28690
Malware in sbrugna...
EUVD-2020-28692
Malware in sbrugna...
EUVD-2020-28693
Malware in sbrugna...
EUVD-2022-35208
Malicious code in bioql PyPI...
EUVD-2021-9840
Malicious code in bioql PyPI...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...
CVE-2021-22704
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer all versions prior to V6.2 SP11 , Vijeo Designer Basic all versions prior to V1.2, or EcoStruxure Machine Expert all versions prior to V2.0 that could...
CVE-2020-7489
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software versions in security notification. The result of this vulnerability, DLL substitution, coul...
The vulnerabilities of the software products for developing HMI/SCADA systems such as EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio allow attackers to execute arbitrary code.
The vulnerability of the software products for developing HMI/SCADA systems such as EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Schneider Electric Modicon M221 Programmable Logic Controller Inadequate Encryption Strength (CVE-2020-7565)
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. This plugin on...
Wago PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. This plugin only works with Tenable.ot. Please visit...
Schneider Electric Modicon M221 Programmable Logic Controller Exposure of Sensitive Information to an Unauthorized Actor (CVE-2020-7568)
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 all references, all versions that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221...
CVE-2022-2988
A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC Versions prior to V2.1.0, EcoStruxure Machine Expert – HVAC Versions prior to V1.4.0...