Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

schneider-electric ecostruxure process expert vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2022-24323
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Aff...
Schneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Control Expert 15.0Schneider-electric Ecostruxure Process Expert
3.6
CVSSv2
CVE-2021-22780
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect...
Schneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Control Expert 15.0Schneider-electric Ecostruxure Process ExpertSchneider-electric Remoteconnect
2.1
CVSSv2
CVE-2021-22782
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect...
Schneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Control Expert 15.0Schneider-electric Ecostruxure Process ExpertSchneider-electric Remoteconnect
3.6
CVSSv2
CVE-2021-22778
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect...
Schneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Control Expert 15.0Schneider-electric Ecostruxure Process ExpertSchneider-electric Remoteconnect
2.1
CVSSv2
CVE-2021-22781
Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect...
Schneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Control Expert 15.0Schneider-electric Ecostruxure Process ExpertSchneider-electric Remoteconnect
9.3
CVSSv2
CVE-2021-22797
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project ...
Schneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Process ExpertSchneider-electric Remoteconnect -
7.5
CVSSv2
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21...
Att Xmill 0.7Schneider-electric Ecostruxure Process ExpertSchneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Control Expert 15.1Schneider-electric Remoteconnect -
NA
CVE-2023-1049
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.
Schneider-electric Ecostruxure Operator Terminal Expert 3.3Schneider-electric Ecostruxure Operator Terminal ExpertSchneider-electric Pro-face Blue 3.3Schneider-electric Pro-face Blue
6.4
CVSSv2
CVE-2021-22779
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybri...
Schneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Control Expert 15.0Schneider-electric Ecostruxure Process ExpertSchneider-electric RemoteconnectSchneider-electric Modicon M580 Bmep581020 FirmwareSchneider-electric Modicon M580 Bmep581020h FirmwareSchneider-electric Modicon M580 Bmep582020 FirmwareSchneider-electric Modicon M580 Bmep582020h FirmwareSchneider-electric Modicon M580 Bmep582040 FirmwareSchneider-electric Modicon M580 Bmep582040h FirmwareSchneider-electric Modicon M580 Bmep582040s FirmwareSchneider-electric Modicon M580 Bmep583020 FirmwareSchneider-electric Modicon M580 Bmep583040 FirmwareSchneider-electric Modicon M580 Bmep584020 FirmwareSchneider-electric Modicon M580 Bmep584040 FirmwareSchneider-electric Modicon M580 Bmep584040s FirmwareSchneider-electric Modicon M580 Bmep585040 FirmwareSchneider-electric Modicon M580 Bmep585040c FirmwareSchneider-electric Modicon M580 Bmep586040 FirmwareSchneider-electric Modicon M580 Bmep586040c FirmwareSchneider-electric Modicon M580 Bmeh582040 FirmwareSchneider-electric Modicon M580 Bmeh582040c Firmware
7.5
CVSSv2
CVE-2019-6855
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions before 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication p...
Schneider-electric Unity ProSchneider-electric Ecostruxure Control ExpertSchneider-electric Ecostruxure Control Expert 14.1Schneider-electric Modicon M580 Bmep584040 FirmwareSchneider-electric Modicon M580 Bmeh584040 FirmwareSchneider-electric Modicon M580 Bmep586040 FirmwareSchneider-electric Modicon M580 Bmeh586040 FirmwareSchneider-electric Modicon M580 Bmep581020 FirmwareSchneider-electric Modicon M580 Bmep582020 FirmwareSchneider-electric Modicon M580 Bmep582040 FirmwareSchneider-electric Modicon M580 Bmep583020 FirmwareSchneider-electric Modicon M580 Bmep583040 FirmwareSchneider-electric Modicon M580 Bmep584020 FirmwareSchneider-electric Modicon M580 Bmep585040 FirmwareSchneider-electric Modicon M580 Bmeh582040 FirmwareSchneider-electric Modicon M580 Bmep584040s FirmwareSchneider-electric Modicon M580 Bmeh584040s FirmwareSchneider-electric Modicon M580 Bmeh586040s FirmwareSchneider-electric Modicon M580 Bmep582040s FirmwareSchneider-electric Modicon M340 Bmxp3420302 FirmwareSchneider-electric Modicon M340 Bmxp342020 FirmwareSchneider-electric Modicon M340 Bmxp342000 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook