Product:

Somachine

(Schneider\-Electric)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 7
Date Id Summary Products Score Patch Annotated
2020-04-22 CVE-2020-7487 A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. Ecostruxure_machine_expert, Modicon_m218_firmware, Modicon_m241_firmware, Modicon_m251_firmware, Modicon_m258_firmware, Somachine, Somachine_motion 9.8
2020-04-22 CVE-2020-7488 A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. Ecostruxure_machine_expert, Modicon_m218_firmware, Modicon_m241_firmware, Modicon_m251_firmware, Modicon_m258_firmware, Somachine, Somachine_motion 7.5
2020-12-11 CVE-2020-28220 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. Modicon_m258_firmware, Somachine, Somachine_motion 6.8
2017-04-06 CVE-2017-7574 Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML file is AES-CBC encrypted; however, the key used for encryption (SoMachineBasicSoMachineBasicSoMa) cannot be changed. After decrypting the XML file with this key, the user password can be found in... Modicon_tm221ce16r_firmware, Somachine 9.8
2014-04-01 CVE-2013-0662 Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. Concept, Modbus_serial_driver, Modbuscommdtm_sl, Opc_factory_server, Pl7, Powersuite, Sft2841, Somachine, Somove, Twidosuite, Unity_pro, Unityloader, Somachine N/A
2017-06-07 CVE-2017-7966 A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. Somachine 8.8
2015-02-01 CVE-2014-9200 Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors. Somachine, Somove, Somove_lite, Unity_pro N/A