EcoStruxure Process Expert

CVEs (8)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2023-27975	Schneider Electric EcoStruxure Control Expert	—	0.00	Feb 14, 2024	CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.
CVE-2023-6408	Schneider Electric EcoStruxure Control Expert	—	0.00	Feb 14, 2024	CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
CVE-2023-6409	Schneider Electric EcoStruxure Control Expert	—	0.00	Feb 14, 2024	CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.
CVE-2022-45789	Schneider Electric Modicon M340 CPUs	—	0.00	Jan 31, 2023	A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process…
CVE-2022-45788	Schneider Electric Modicon M340 CPUs	—	0.00	Jan 30, 2023	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure…
CVE-2022-37300	Schneider Electric Modicon M340	—	0.01	Sep 12, 2022	A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions…
CVE-2021-22797	Schneider Electric EcoStruxure Control Expert	—	0.01	Mar 28, 2022	A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file…
CVE-2022-24323	Schneider Electric EcoStruxure Control Expert	—	0.00	Mar 9, 2022	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data.…

CVE-2023-27975Feb 14, 2024
Schneider Electric
EcoStruxure Control Expert
risk 0.00cvss —epss 0.00
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.
CVE-2023-6408Feb 14, 2024
Schneider Electric
EcoStruxure Control Expert
risk 0.00cvss —epss 0.00
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
CVE-2023-6409Feb 14, 2024
Schneider Electric
EcoStruxure Control Expert
risk 0.00cvss —epss 0.00
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.
CVE-2022-45789Jan 31, 2023
Schneider Electric
Modicon M340 CPUs
risk 0.00cvss —epss 0.00
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process…
CVE-2022-45788Jan 30, 2023
Schneider Electric
Modicon M340 CPUs
risk 0.00cvss —epss 0.00
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure…
CVE-2022-37300Sep 12, 2022
Schneider Electric
Modicon M340
risk 0.00cvss —epss 0.01
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions…
CVE-2021-22797Mar 28, 2022
Schneider Electric
EcoStruxure Control Expert
risk 0.00cvss —epss 0.01
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file…
CVE-2022-24323Mar 9, 2022
Schneider Electric
EcoStruxure Control Expert
risk 0.00cvss —epss 0.00
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data.…