Schneider-electric

Ecostruxure Control Expert

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2021-22797

  • EPSS 0.45%
  • Veröffentlicht 13.04.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 05:50:41

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation ...

5.9

CVE-2022-24322

  • EPSS 0.22%
  • Veröffentlicht 09.03.2022 23:15:07
  • Zuletzt bearbeitet 21.11.2024 06:50:10

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept a...

5.9

CVE-2022-24323

  • EPSS 0.22%
  • Veröffentlicht 09.03.2022 23:15:07
  • Zuletzt bearbeitet 21.11.2024 06:50:10

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate spec...

5.5

CVE-2021-22782

  • EPSS 0.02%
  • Veröffentlicht 14.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:39

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS...

5.5

CVE-2021-22781

  • EPSS 0.05%
  • Veröffentlicht 14.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:39

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS...

7.1

CVE-2021-22780

  • EPSS 0.05%
  • Veröffentlicht 14.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:39

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS...

9.1

CVE-2021-22779

  • EPSS 0.12%
  • Veröffentlicht 14.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:38

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all...

7.1

CVE-2021-22778

  • EPSS 0.05%
  • Veröffentlicht 14.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:38

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS...

8.6

CVE-2020-7560

  • EPSS 0.42%
  • Veröffentlicht 11.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:37:22

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution ...

7.5

CVE-2020-7559

Exploit
  • EPSS 0.51%
  • Veröffentlicht 19.11.2020 22:15:14
  • Zuletzt bearbeitet 21.11.2024 05:37:22

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxure...