Product:

Ecostruxure_control_expert

(Schneider\-Electric)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 25
Date Id Summary Products Score Patch Annotated
2024-02-14 CVE-2023-27975 CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation. Ecostruxure_control_expert, Ecostruxure_process_expert 7.1
2024-02-14 CVE-2023-6409 CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert. Ecostruxure_control_expert, Ecostruxure_process_expert 7.7
2020-03-23 CVE-2020-7475 A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. Ecostruxure_control_expert, Modicon_m340_firmware, Modicon_m580_firmware, Unity_pro 9.8
2020-11-19 CVE-2020-28211 A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. Ecostruxure_control_expert 7.8
2020-11-19 CVE-2020-28212 A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus. Ecostruxure_control_expert 9.8
2020-11-19 CVE-2020-28213 A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. Ecostruxure_control_expert 8.8
2020-11-19 CVE-2020-7538 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. Ecostruxure_control_expert 7.5
2020-11-19 CVE-2020-7559 A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. Ecostruxure_control_expert 7.5
2020-12-11 CVE-2020-7560 A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software. Ecostruxure_control_expert, Unity_pro 8.6
2021-07-14 CVE-2021-22778 Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause protected derived function blocks to be read or modified by unauthorized users when accessing a project file. Ecostruxure_control_expert, Ecostruxure_process_expert, Remoteconnect 7.1