Skip to main content

Ecostruxure Machine Expert

5 CVEs product

Monthly

CVE-2021-22704 CRITICAL Act Now

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Authentication Bypass Vijeo Designer Ecostruxure Machine Expert
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-22705 HIGH PATCH This Week

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Authentication Bypass Vijeo Designer Ecostruxure Machine Expert
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-7489 CRITICAL PATCH Act Now

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert - Basic or SoMachine Basic programming. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Ecostruxure Machine Expert Somachine Basic Modicon M100 Firmware Modicon M200 Firmware +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-7488 HIGH This Week

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Machine Expert Somachine Somachine Motion Modicon M218 Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2020-7487 CRITICAL Act Now

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Machine Expert Somachine Somachine Motion Modicon M218 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.7%
EPSS 1% CVSS 9.1
CRITICAL Act Now

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Path Traversal Authentication Bypass +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Authentication Bypass +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert - Basic or SoMachine Basic programming. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Ecostruxure Machine Expert Somachine Basic +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Machine Expert Somachine +5
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Machine Expert Somachine +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy