Schneider-electric Ecostruxure Control Expert — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Ecostruxure Control Expert, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2022-37300 — CVSS 9.8 (critical): A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and…
CVE-2020-28212 — CVSS 9.8 (critical): A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert…
CVE-2022-26507 — CVSS 9.8 (critical): A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote…
CVE-2020-7475 — CVSS 9.8 (critical): A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability…
CVE-2021-22779 — CVSS 9.1 (critical): Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all…
CVE-2023-27976 — CVSS 8.8 (high): A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a…
CVE-2020-28213 — CVSS 8.8 (high): A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro)…
CVE-2020-7560 — CVSS 8.6 (high): A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of…
CVE-2022-45789 — CVSS 8.1 (high): A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the…
CVE-2023-6408 — CVSS 8.1 (high): CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a…
CVE-2021-22797 — CVSS 7.8 (high): A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious…
CVE-2020-28211 — CVSS 7.8 (high): A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)…
CVE-2023-6409 — CVSS 7.7 (high): CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with…
CVE-2022-45788 — CVSS 7.5 (high): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of…
CVE-2020-7538 — CVSS 7.5 (high): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now…
CVE-2020-7559 — CVSS 7.5 (high): A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª…
CVE-2019-6855 — CVSS 7.3 (high): Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions)…
CVE-2021-22778 — CVSS 7.1 (high): Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all…
CVE-2023-27975 — CVSS 7.1 (high): CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure…
CVE-2021-22780 — CVSS 7.1 (high): Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all…
CVE-2023-1548 — CVSS 5.5 (medium): A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the…
CVE-2021-22782 — CVSS 5.5 (medium): Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all…
CVE-2022-37302 — CVSS 5.5 (medium): A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the…
CVE-2021-22781 — CVSS 5.5 (medium): Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all…
CVE-2022-24322 — CVSS 5.3 (medium): A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of…
CVE-2022-24323 — CVSS 5.3 (medium): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between…