CVE-2020-28211

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...

CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

Authentication flaw

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...

Design/Logic Flaw

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

Design/Logic Flaw

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request...

Buffer overflow

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...

CVE-2020-7559

Schneider Electric EcoStruxure Control Expert PLC Simulator Modbus processing vulnerability (CVE-2020-7559) is a stack-based buffer overflow in the Modbus message handling path. In the TALOS report, a large Modbus request can be written into a stack buffer of 0x8000 bytes via memcpy without lengt...

CVE-2020-7559

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially...

CVE-2020-7538

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request...

CVE-2020-7538

CVE-2020-7538 affects the PLC Simulator for EcoStruxure Control Expert (Unity Pro) across all versions. The flaw is CWE-754: Improper Check for Unusual or Exceptional Conditions, which could crash the PLC simulator when it receives a specially crafted Modbus request. Affected: PLC Simulator for E...

CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when sending specially crafted requests over Modbus...

CVE-2020-28213

Across multiple sources, CVE-2020-28213 affects Schneider Electric EcoStruxure Control Expert (Unity Pro) PLC Simulator, with the flaw lying in downloading code without integrity checking via Modbus. The vulnerability allows unauthorized command execution on all versions, as reported in CVE recor...

CVE-2020-28212

CVE-2020-28212 describes an authentication- bypass risk in EcoStruxure Control Expert PLC Simulator (Unity Pro) via brute-forcing Modbus sessions. Root cause: CWE-307 improper restriction of excessive authentication attempts, enabling a remote attacker to gain unauthorized command execution with ...

CVE-2020-28212

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause unauthorized command execution when a brute force attack is done over Modbus...

CVE-2020-28211

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert now Unity Pro all versions that could cause bypass of authentication when overwriting memory using a debugger...

Schneider Electric EcoStruxure Control Expert 授权问题漏洞

EcoStruxure Control Expert is the universal programming, debugging and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A security vulnerability exists in PLC Simulator in EcoStruxure Control Expert. The vulnerability can be exploited by an attacker to...

Schneider Electric Unity Pro 安全漏洞

Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A command execution vulnerability exists in Schneider Electric EcoStruxure Control Expert. The vulnerability...

Schneider Electric EcoStruxure Control Expert Security Vulnerability

Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in EcoStruxure Control Expert that stems from a specially crafted request...

Schneider Electric EcoStruxure Control Expert 权限许可和访问控制问题漏洞

Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. An incorrect authorization vulnerability exists in PLC Simulator in Schneider Electric EcoStruxure Control...

Vulnerability fixed in EcoStruxure Control Expert

A vulnerability has been fixed that could cause a crash of the PLC simulator in EcoStruxure Control Expert software when a specially crafted request is received via Modbus. Schneider Electric has made available a firmware update that fixes the vulnerability. For more information, see:...