Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric ecostruxure control expert vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-24323
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Aff...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Control Expert 15.0
Schneider-electric Ecostruxure Process Expert
320
VMScore
CVE-2021-22778
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Control Expert 15.0
Schneider-electric Ecostruxure Process Expert
Schneider-electric Remoteconnect
187
VMScore
CVE-2021-22781
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Control Expert 15.0
Schneider-electric Ecostruxure Process Expert
Schneider-electric Remoteconnect
187
VMScore
CVE-2021-22782
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Control Expert 15.0
Schneider-electric Ecostruxure Process Expert
Schneider-electric Remoteconnect
320
VMScore
CVE-2021-22780
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Control Expert 15.0
Schneider-electric Ecostruxure Process Expert
Schneider-electric Remoteconnect
NA
CVE-2022-37302
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior).
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Control Expert 15.1
383
VMScore
CVE-2022-24322
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus ...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Control Expert 15.0
668
VMScore
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21...
Att Xmill 0.7
Schneider-electric Ecostruxure Process Expert
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Control Expert 15.1
Schneider-electric Remoteconnect -
828
VMScore
CVE-2021-22797
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project ...
Schneider-electric Ecostruxure Control Expert
Schneider-electric Ecostruxure Process Expert
Schneider-electric Remoteconnect -
NA
CVE-2023-1548
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above)
Schneider-electric Ecostruxure Control Expert
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »