99 matches found
Schneider Electric EcoStruxure Process Expert security vulnerabilities
Schneider Electric EcoStruxure Process Expert is a next-generation process automation system developed by Schneider Electric of France. It is used for designing, operating, and maintaining entire factories. Schneider Electric EcoStruxure Process Expert has a security vulnerability. This...
PT-2026-4356
Name of the Vulnerable Software and Affected Versions Schneider Electric EcoStruxure Process Expert versions prior to 2025 Description An incorrect default permissions issue can lead to privilege escalation via a reverse shell. A local user with normal privileges can modify executable service...
CVE-2021-22781
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...
CVE-2021-22790
A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...
CVE-2021-22789
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BM...
CVE-2021-22791
A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU part numbers BMEP and BMEH, all versions, Modicon M340 CPU part...
CVE-2021-22782
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...
EUVD-2022-29221
Malicious code in bioql PyPI...
EUVD-2021-9932
Malicious code in bioql PyPI...
EUVD-2021-9913
Malicious code in bioql PyPI...
CVE-2022-24323
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product:...
PT-2025-6780 · Schneider Electric · Ecostruxure Process Expert
Name of the Vulnerable Software and Affected Versions: EcoStruxure Process Expert version 2020R2 Description: The issue is related to improper privilege management, affecting two services, one of which manages audit trail data and the other acts as a server managing client requests. This could le...
Schneider Electric EcoStruxure Control Expert、EcoStruxure Process Expert和OPC Factory Server 输入验证错误漏洞
Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro, among others, is a product of Schneider Electric, France.Schneider Electric EcoStruxure Control Expert is a suite of programming software for Schneider Electric logic controller products. Schneider Electric EcoStruxure...
Schneider Electric EcoStruxure Process Expert 安全漏洞
Schneider Electric EcoStruxure Process Expert is a next-generation process automation system for designing, operating, and maintaining entire plants from Schneider Electric, France. A security vulnerability exists in Schneider Electric EcoStruxure Process Expert that stems from the inclusion of a...
CVE-2021-22797
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...
Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-2023-6408)
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. This plugin only works with Tenable.ot...
The vulnerability of the programming tools for programmable logic controllers (PLCs), EcoStruxure Control Expert and EcoStruxure Process Expert, arises from insufficient protection of registration data. This allows a malicious individual to gain unauthorized access to the project file.
The vulnerability of the programming tools for programmable logic controllers PLCs, EcoStruxure Control Expert and EcoStruxure Process Expert, is related to insufficient protection of registration data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project...
The vulnerability of the programming tools for PLCs (programmable logic controllers), namely EcoStruxure Control Expert and EcoStruxure Process Expert, arises from the use of strictly encrypted audit data. This vulnerability allows a malicious individual to gain unauthorized access to the project file.
The vulnerability of the programming interfaces for PLCs programmable logic controllers, namely EcoStruxure Control Expert and EcoStruxure Process Expert, lies in the use of strictly encrypted configuration data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to...
PT-2024-1606 · Schneider Electric · M580 Cpu Bmeh +4
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, M580 CPU Safety BMEH58S versions affected versions not specified EcoStruxure Control Expert versions affected versions not specified EcoStruxur...
PT-2024-2808 · Schneider Electric · Ecostruxure Process Expert +1
Name of the Vulnerable Software and Affected Versions: EcoStruxure Control Expert affected versions not specified EcoStruxure Process Expert affected versions not specified Description: A Use of Hard-coded Credentials issue exists that could cause unauthorized access to a project file protected...