Schneider-electric Ecostruxure_control_expert

26 CVEs affecting Schneider-electric Ecostruxure_control_expert. Latest disclosed: 2024-02-14. Critical: 5, High: 15.

Top CVEs affecting Schneider-electric Ecostruxure_control_expert
CVESeverityScorePublishedSummary
CVE-2022-37300Critical9.82022-09-12A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the cont…
CVE-2022-26507Critical9.82022-04-14A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This i…
CVE-2020-28212Critical9.82020-11-19A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all…
CVE-2020-7475Critical9.82020-03-23A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxu…
CVE-2021-22779Critical9.12021-07-14Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), Ec…
CVE-2023-27976High8.82023-04-18 A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided…
CVE-2020-28213High8.82020-11-19A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that co…
CVE-2020-7560High8.62020-12-11A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Exp…
CVE-2023-6408High8.12024-02-14 CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service an…
CVE-2022-45789High8.12023-01-31A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hija…
CVE-2021-22797High7.82022-04-13A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed i…
CVE-2020-28211High7.82020-11-19A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass…
CVE-2023-6409High7.72024-02-14 CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when op…
CVE-2022-45788High7.52023-01-30A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of c…
CVE-2020-7559High7.52020-11-19A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Uni…
CVE-2020-7538High7.52020-11-19A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versi…
CVE-2019-6855High7.32020-01-06Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all ve…
CVE-2023-27975High7.12024-02-14 CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when…
CVE-2021-22780High7.12021-07-14Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro)…
CVE-2021-22778High7.12021-07-14Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro)…