
CVE-2024-10083
https://notcve.org/view.php?id=CVE-2024-10083
13 Feb 2025 — CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-02.pdf • CWE-20: Improper Input Validation •

CVE-2023-1548
https://notcve.org/view.php?id=CVE-2023-1548
18 Apr 2023 — A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf • CWE-269: Improper Privilege Management •

CVE-2023-27976
https://notcve.org/view.php?id=CVE-2023-27976
18 Apr 2023 — A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2022-45789
https://notcve.org/view.php?id=CVE-2022-45789
31 Jan 2023 — A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf • CWE-294: Authentication Bypass by Capture-replay •

CVE-2022-45788
https://notcve.org/view.php?id=CVE-2022-45788
30 Jan 2023 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers B... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2022-37302
https://notcve.org/view.php?id=CVE-2022-37302
13 Sep 2022 — A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert (V15.1 HF001 and prior). • https://www.se.com/us/en/download/document/SEVD-2022-221-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2022-37300
https://notcve.org/view.php?id=CVE-2022-37300
12 Sep 2022 — A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbe... • https://www.se.com/us/en/download/document/SEVD-2022-221-01 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVE-2022-26507
https://notcve.org/view.php?id=CVE-2022-26507
14 Apr 2022 — A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://Claroty.com • CWE-787: Out-of-bounds Write •

CVE-2022-24323
https://notcve.org/view.php?id=CVE-2022-24323
09 Mar 2022 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Process Expert (V2021 and prior), EcoStruxure Control Expert (V15.0 SP1 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2022-24322
https://notcve.org/view.php?id=CVE-2022-24322
09 Mar 2022 — A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. Affected Product: EcoStruxure Control Expert (V15.0 SP1 and prior) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •