Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ecostruxure_control_expert
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-14 | CVE-2023-6408 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. | Ecostruxure_control_expert, Ecostruxure_process_expert, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp341000h_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp3420102cl_firmware, Modicon_m340_bmxp342010_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302cl_firmware, Modicon_m340_bmxp3420302h_firmware, Modicon_m340_bmxp342030_firmware, Modicon_m340_bmxp342030h_firmware, Modicon_m580_bmeh582040_firmware, Modicon_m580_bmeh582040c_firmware, Modicon_m580_bmeh582040s_firmware, Modicon_m580_bmeh584040_firmware, Modicon_m580_bmeh584040c_firmware, Modicon_m580_bmeh584040s_firmware, Modicon_m580_bmeh586040_firmware, Modicon_m580_bmeh586040c_firmware, Modicon_m580_bmeh586040s_firmware, Modicon_m580_bmep581020_firmware, Modicon_m580_bmep581020h_firmware, Modicon_m580_bmep582020_firmware, Modicon_m580_bmep582020h_firmware, Modicon_m580_bmep582040_firmware, Modicon_m580_bmep582040h_firmware, Modicon_m580_bmep582040s_firmware, Modicon_m580_bmep583020_firmware, Modicon_m580_bmep583040_firmware, Modicon_m580_bmep584020_firmware, Modicon_m580_bmep584040_firmware, Modicon_m580_bmep584040s_firmware, Modicon_m580_bmep585040_firmware, Modicon_m580_bmep585040c_firmware, Modicon_m580_bmep586040_firmware, Modicon_m580_bmep586040c_firmware, Modicon_mc80_bmkc8020301_firmware, Modicon_mc80_bmkc8020310_firmware, Modicon_mc80_bmkc8030311, Modicon_momentum_171cbu78090_firmware, Modicon_momentum_171cbu98090_firmware, Modicon_momentum_171cbu98091_firmware | 8.1 | ||
| 2024-02-14 | CVE-2023-27975 | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. | Ecostruxure_control_expert, Ecostruxure_process_expert | 7.1 | ||
| 2024-02-14 | CVE-2023-6409 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. | Ecostruxure_control_expert, Ecostruxure_process_expert | 7.7 | ||
| 2020-03-23 | CVE-2020-7475 | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. | Ecostruxure_control_expert, Modicon_m340_firmware, Modicon_m580_firmware, Unity_pro | 9.8 | ||
| 2020-11-19 | CVE-2020-28211 | A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. | Ecostruxure_control_expert | 7.8 | ||
| 2020-11-19 | CVE-2020-28212 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. | Ecostruxure_control_expert | 9.8 |