Ecostruxure Control Expert Security Vulnerabilities - CVSS Score 5 - 6
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versi...
5.5CVSS
5.5AI Score
0.0005EPSS
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versi...
5.5CVSS
5.3AI Score
0.0005EPSS
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affe...
5.9CVSS
5.7AI Score
0.001EPSS
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoS...
5.9CVSS
5.7AI Score
0.001EPSS
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior).
5.5CVSS
5.5AI Score
0.001EPSS
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user toperform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above)
5.5CVSS
5.4AI Score
0.0004EPSS