Ecostruxure Control Expert Security Vulnerabilities and Issues — Ecostruxure Control Expert CVE List

Lucene search

Schneider-electricEcostruxure Control Expert

8 matches found

CVE•added 2020/01/06 11:15 p.m.•157 views

CVE-2019-6855

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between Ec...

7.5CVSS7.2AI score0.00191EPSS

CVE•added 2020/03/23 7:15 p.m.•63 views

CVE-2020-7475

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (...

9.8CVSS9.2AI score0.00571EPSS

CVE•added 2020/12/11 1:15 a.m.•56 views

CVE-2020-7560

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Con...

8.6CVSS8.7AI score0.00418EPSS

CVE•added 2020/11/19 10:15 p.m.•53 views

CVE-2020-7559

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specia...

7.5CVSS7.4AI score0.00505EPSS

CVE•added 2020/11/19 10:15 p.m.•47 views

CVE-2020-28211

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.

7.8CVSS7.7AI score0.00055EPSS

CVE•added 2020/11/19 10:15 p.m.•42 views

CVE-2020-7538

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted reques...

7.5CVSS7.5AI score0.00457EPSS

CVE•added 2020/11/19 10:15 p.m.•41 views

CVE-2020-28212

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

9.8CVSS9.5AI score0.01398EPSS

CVE•added 2020/11/19 10:15 p.m.•39 views

CVE-2020-28213

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

8.8CVSS8.8AI score0.00349EPSS