Schneider-electric Ecostruxure_control_expert
26 CVEs affecting Schneider-electric Ecostruxure_control_expert. Latest disclosed: 2024-02-14. Critical: 5, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-37300 | Critical | 9.8 | 2022-09-12 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the cont… |
| CVE-2022-26507 | Critical | 9.8 | 2022-04-14 | A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This i… |
| CVE-2020-28212 | Critical | 9.8 | 2020-11-19 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all… |
| CVE-2020-7475 | Critical | 9.8 | 2020-03-23 | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxu… |
| CVE-2021-22779 | Critical | 9.1 | 2021-07-14 | Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), Ec… |
| CVE-2023-27976 | High | 8.8 | 2023-04-18 | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided… |
| CVE-2020-28213 | High | 8.8 | 2020-11-19 | A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that co… |
| CVE-2020-7560 | High | 8.6 | 2020-12-11 | A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Exp… |
| CVE-2023-6408 | High | 8.1 | 2024-02-14 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service an… |
| CVE-2022-45789 | High | 8.1 | 2023-01-31 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hija… |
| CVE-2021-22797 | High | 7.8 | 2022-04-13 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause malicious script to be deployed i… |
| CVE-2020-28211 | High | 7.8 | 2020-11-19 | A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versions) that could cause bypass… |
| CVE-2023-6409 | High | 7.7 | 2024-02-14 | CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when op… |
| CVE-2022-45788 | High | 7.5 | 2023-01-30 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of c… |
| CVE-2020-7559 | High | 7.5 | 2020-11-19 | A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Uni… |
| CVE-2020-7538 | High | 7.5 | 2020-11-19 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro) (all versi… |
| CVE-2019-6855 | High | 7.3 | 2020-01-06 | Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all ve… |
| CVE-2023-27975 | High | 7.1 | 2024-02-14 | CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when… |
| CVE-2021-22780 | High | 7.1 | 2021-07-14 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro)… |
| CVE-2021-22778 | High | 7.1 | 2021-07-14 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro)… |