Ecostruxure Control Expert Security Vulnerabilities and Issues — Ecostruxure Control Expert CVE List

Lucene search

Schneider-electricEcostruxure Control Expert

5 matches found

CVE•added 2020/11/19 10:15 p.m.•53 views

CVE-2020-7559

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specia...

7.5CVSS7.4AI score0.00505EPSS

CVE•added 2020/11/19 10:15 p.m.•47 views

CVE-2020-28211

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.

7.8CVSS7.7AI score0.00055EPSS

CVE•added 2020/11/19 10:15 p.m.•42 views

CVE-2020-7538

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted reques...

7.5CVSS7.5AI score0.00457EPSS

CVE•added 2020/11/19 10:15 p.m.•41 views

CVE-2020-28212

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

9.8CVSS9.5AI score0.01398EPSS

CVE•added 2020/11/19 10:15 p.m.•39 views

CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

8.8CVSS8.8AI score0.00349EPSS