Ecostruxure_process_expert - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ecostruxure_process_expert
(Schneider\-Electric)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	14

Date	Id	Summary	Products	Score	Patch	Annotated
2024-02-14	CVE-2023-6408	CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.	Ecostruxure_control_expert, Ecostruxure_process_expert, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp341000h_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp3420102cl_firmware, Modicon_m340_bmxp342010_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302cl_firmware, Modicon_m340_bmxp3420302h_firmware, Modicon_m340_bmxp342030_firmware, Modicon_m340_bmxp342030h_firmware, Modicon_m580_bmeh582040_firmware, Modicon_m580_bmeh582040c_firmware, Modicon_m580_bmeh582040s_firmware, Modicon_m580_bmeh584040_firmware, Modicon_m580_bmeh584040c_firmware, Modicon_m580_bmeh584040s_firmware, Modicon_m580_bmeh586040_firmware, Modicon_m580_bmeh586040c_firmware, Modicon_m580_bmeh586040s_firmware, Modicon_m580_bmep581020_firmware, Modicon_m580_bmep581020h_firmware, Modicon_m580_bmep582020_firmware, Modicon_m580_bmep582020h_firmware, Modicon_m580_bmep582040_firmware, Modicon_m580_bmep582040h_firmware, Modicon_m580_bmep582040s_firmware, Modicon_m580_bmep583020_firmware, Modicon_m580_bmep583040_firmware, Modicon_m580_bmep584020_firmware, Modicon_m580_bmep584040_firmware, Modicon_m580_bmep584040s_firmware, Modicon_m580_bmep585040_firmware, Modicon_m580_bmep585040c_firmware, Modicon_m580_bmep586040_firmware, Modicon_m580_bmep586040c_firmware, Modicon_mc80_bmkc8020301_firmware, Modicon_mc80_bmkc8020310_firmware, Modicon_mc80_bmkc8030311, Modicon_momentum_171cbu78090_firmware, Modicon_momentum_171cbu98090_firmware, Modicon_momentum_171cbu98091_firmware	8.1
2024-02-14	CVE-2023-27975	CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.	Ecostruxure_control_expert, Ecostruxure_process_expert	7.1
2024-02-14	CVE-2023-6409	CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.	Ecostruxure_control_expert, Ecostruxure_process_expert	7.7
2021-07-14	CVE-2021-22778	Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file.	Ecostruxure_control_expert, Ecostruxure_process_expert, Remoteconnect	7.1