Ecostruxure Control Expert Security Vulnerabilities - 2023
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All V...
9.8CVSS
9.5AI Score
0.002EPSS
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Version...
9.8CVSS
9.3AI Score
0.003EPSS
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user toperform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above)
5.5CVSS
5.4AI Score
0.0004EPSS
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could causeremote code execution when a valid user visits a malicious link provided through the webendpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)
8.8CVSS
8.8AI Score
0.003EPSS