cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22782,https://securityvulnerability.io/vulnerability/CVE-2021-22782,Missing Encryption of Sensitive Data Vulnerability in EcoStruxure Control Expert and Process Expert from Schneider Electric,"A vulnerability in EcoStruxure Control Expert and EcoStruxure Process Expert allows unauthorized access to sensitive data, including network and process information, as well as credentials and intellectual property. This occurs due to missing encryption when an attacker gains access to project files, leading to potential data breaches and disclosure of confidential information.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:56.000Z,0
CVE-2021-22781,https://securityvulnerability.io/vulnerability/CVE-2021-22781,Insufficiently Protected Credentials in EcoStruxure Control Expert and EcoStruxure Process Expert,"The vulnerability involves insufficient protection of SMTP credentials used for mailbox authentication within Schneider Electric's EcoStruxure Control Expert, EcoStruxure Process Expert, and related products. When an attacker gains access to a project file, they can potentially expose sensitive credentials, allowing unauthorized access to email communication channels. This incident underscores the importance of implementing robust security measures to safeguard sensitive information within automation software.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:51.000Z,0
CVE-2021-22780,https://securityvulnerability.io/vulnerability/CVE-2021-22780,Insufficiently Protected Credentials in EcoStruxure Control Expert and Process Expert by Schneider Electric,"A vulnerability in Schneider Electric's EcoStruxure Control Expert and Process Expert allows unauthorized users to bypass password protection on project files. When these files are shared with untrusted sources, attackers can exploit insufficiently protected credentials to gain access, view, and modify sensitive information. This poses significant security risks, particularly in environments where data integrity and confidentiality are paramount.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",7.1,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:46.000Z,0
CVE-2021-22779,https://securityvulnerability.io/vulnerability/CVE-2021-22779,Authentication Bypass Vulnerability in Schneider Electric EcoStruxure Products,"A significant vulnerability exists in various Schneider Electric EcoStruxure products, enabling attackers to exploit an authentication bypass by spoofing the Modbus communication. This flaw allows unauthorized individuals to gain read and write access to controllers, raising critical security concerns for industrial environments. The vulnerability affects multiple product lines, including EcoStruxure Control Expert, Unity Pro, and various Modicon CPUs, emphasizing the need for prompt action to mitigate risks.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Control Expert V15.0 Sp1, Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), Scadapack Remoteconnect For X70 (all Versions), Modicon M580 Cpu (all Versions - Part Numbers Bmep* And Bmeh*), Modicon M340 Cpu (all Versions - Part Numbers Bmxp34*)",9.1,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2021-07-14T14:26:41.000Z,0
CVE-2021-22778,https://securityvulnerability.io/vulnerability/CVE-2021-22778,Insufficiently Protected Credentials in EcoStruxure Control Expert and Process Expert by Schneider Electric,"A vulnerability in EcoStruxure Control Expert and EcoStruxure Process Expert allows unauthorized users to access and potentially modify protected derived function blocks. This issue affects all versions of EcoStruxure Control Expert prior to V15.0 SP1, all versions of Unity Pro, as well as all iterations of EcoStruxure Process Expert, EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70. The flaw may lead to unauthorized users gaining access to sensitive project files, posing serious safety and operational risks.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",7.1,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:35.000Z,0