VYPR
Vendor

EcoStruxure

Products
13
CVEs
36
Across products
40
Status
Private

Products

13

Recent CVEs

36
View all 36 CVEs →
  • CVE-2020-28212CriNov 19, 2020
    risk 0.64cvss 9.8epss 0.03

    A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

  • CVE-2020-7497CriJun 16, 2020
    risk 0.64cvss 9.8epss 0.02

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer…

  • CVE-2020-7475CriMar 23, 2020
    risk 0.64cvss 9.8epss 0.02

    A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to…

  • CVE-2023-27976HigApr 18, 2023
    risk 0.57cvss 8.8epss 0.01

    A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)

  • CVE-2020-7572HigNov 19, 2020
    risk 0.57cvss 8.8epss 0.02

    A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial…

  • CVE-2020-7569HigNov 19, 2020
    risk 0.57cvss 8.8epss 0.02

    A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and…

  • CVE-2020-7560HigDec 11, 2020
    risk 0.56cvss 8.6epss 0.01

    A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious…

  • CVE-2022-32747HigJan 30, 2023
    risk 0.52cvss 8.0epss 0.00

    A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE)…

  • CVE-2022-4062HigFeb 1, 2023
    risk 0.51cvss 7.8epss 0.00

    A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission…

  • CVE-2021-22698HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.04

    A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is…

  • CVE-2021-22697HigJan 26, 2021
    risk 0.51cvss 7.8epss 0.03

    A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and…

  • CVE-2020-28219HigDec 11, 2020
    risk 0.51cvss 7.8epss 0.00

    A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to…

  • CVE-2020-7544HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.00

    A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator…

  • CVE-2020-28211HigNov 19, 2020
    risk 0.51cvss 7.8epss 0.00

    A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.

  • CVE-2020-7496HigJun 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file.

  • CVE-2020-7494HigJun 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project…

  • CVE-2020-7493HigJun 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the…

  • CVE-2023-22611HigJan 31, 2023
    risk 0.49cvss 7.5epss 0.01

    A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 - 2021…

  • CVE-2020-7559HigNov 19, 2020
    risk 0.49cvss 7.5epss 0.02

    A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software…

  • CVE-2019-6855HigJan 6, 2020
    risk 0.48cvss 7.3epss 0.01

    Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the…