33 matches found
Schneider Electric EcoStruxure Automation Expert Code Injection Vulnerability
Schneider Electric EcoStruxure Automation Expert is a software platform for industrial automation systems from the French company Schneider Electric Schneider Electric. A code injection vulnerability exists in Schneider Electric EcoStruxure Automation Expert, which can be exploited by an attacker...
EUVD-2026-10571
CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
EUVD-2026-10572
CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
CVE-2026-2273
CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
CVE-2026-2273
CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
CVE-2026-2273
CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
PT-2026-24261
CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...
EUVD-2023-31701
Malicious code in bioql PyPI...
EUVD-2025-4922
Malicious code in bioql PyPI...
CVE-2023-27975
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2025-2223
CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system...
CVE-2025-2223
CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system...
CVE-2025-2223
CVE-2025-2223 affects Schneider Electric ConneXium Network Manager. The root cause is improper input validation in the software, enabling a malicious local user to load a crafted project file that can compromise confidentiality, integrity, and availability on engineering workstations. CVSS metric...
CVE-2025-2223
CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system...
CVE-2024-10083
CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input...
CVE-2025-0327
CWE-269: Improper Privilege Management vulnerability exists for two services of which one managing audit trail data and the other acting as server managing client request that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standa...
CVE-2024-10083
CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input...
CVE-2024-10083
CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input...
CVE-2024-10083
CVE-2024-10083 describes an improper input validation (CWE-20) in Schneider Electric Uni-Telway driver integrated with EcoStruxure Control Expert, EcoStruxure Process Expert, and OPC Factory Server. The vulnerability can allow a locally authenticated user to cause denial of service on an engineer...