Skip to main content

Ecostruxure Control Expert

19 CVEs product

Monthly

CVE-2023-27976 HIGH This Week

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Ecostruxure Control Expert
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1548 MEDIUM This Month

A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Ecostruxure Control Expert
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-37302 MEDIUM PATCH This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ecostruxure Control Expert
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-37300 CRITICAL PATCH Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +32
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-26507 CRITICAL Act Now

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Xmill Ecostruxure Control Expert +2
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24323 MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2022-24322 MEDIUM This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Ecostruxure Control Expert
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2021-22782 MEDIUM This Month

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22781 MEDIUM This Month

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-22780 HIGH This Week

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-22779 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect Modicon M580 Bmep581020 Firmware +28
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2021-22778 HIGH This Week

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-7560 HIGH This Week

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ecostruxure Control Expert Unity Pro
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2020-7559 HIGH POC PATCH This Week

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ecostruxure Control Expert
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-7538 HIGH PATCH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ecostruxure Control Expert
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-28213 HIGH PATCH This Week

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-28212 CRITICAL PATCH Act Now

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-28211 HIGH PATCH This Week

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-7475 CRITICAL Act Now

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ecostruxure Control Expert Unity Pro Modicon M340 Firmware Modicon M580 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
EPSS 1% CVSS 8.8
HIGH This Week

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Ecostruxure Control Expert
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Ecostruxure Control Expert
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ecostruxure Control Expert
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert +34
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +4
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Ecostruxure Control Expert
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert +30
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ecostruxure Control Expert Unity Pro
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Ecostruxure Control Expert
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ecostruxure Control Expert
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Ecostruxure Control Expert
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ecostruxure Control Expert Unity Pro +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy