cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0327,https://securityvulnerability.io/vulnerability/CVE-2025-0327,Improper Privilege Management Vulnerability in Schneider Electric Services,"An improper privilege management vulnerability has been identified in Schneider Electric services, specifically in the services that manage audit trail data and client requests. This flaw allows an attacker with standard user privileges to modify the executable path of these Windows services. Exploiting this vulnerability requires a service restart, which can lead to significant risks involving the confidentiality, integrity, and availability of the engineering workstation involved.",Schneider Electric,"Ecostruxure Process Expert,Ecostruxure Process Expert For Aveva System Platform",8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T06:20:26.852Z,0
CVE-2024-10083,https://securityvulnerability.io/vulnerability/CVE-2024-10083,Improper Input Validation in Schneider Electric's Engineering Workstation,"An improper input validation flaw has been identified in Schneider Electric's Engineering Workstation. This vulnerability may allow an authenticated user to exploit specific driver interfaces with crafted inputs, potentially resulting in a denial of service condition.
Proper measures should be taken to ensure that only validated and expected input is processed by the system, mitigating the risk of disruption to services.",Schneider Electric,"Uni-telway Driver,Uni-telway Driver Used In Ecostruxure Control Expert,Uni-telway Driver Used In Ecostruxure Process Expert,Uni-telway Driver Used In Ecostruxure Process Expert For Aveva System Platform,Uni-telway Driver Used In Opc Factory Server",6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T05:40:13.596Z,0
CVE-2023-27975,https://securityvulnerability.io/vulnerability/CVE-2023-27975,Unauthorized Access to Project File Due to Insufficiently Protected Credentials,"The vulnerability related to insufficiently protected credentials in EcoStruxure Control Expert poses a risk of unauthorized access. This flaw allows local users to manipulate the memory of the engineering workstation, potentially leading to unauthorized access to project files. Organizations utilizing EcoStruxure Control Expert should take precautions to mitigate this risk and ensure proper security measures are in place to protect sensitive information.",Schneider Electric,"EcoStruxure Control Expert,EcoStruxure Process Expert",7.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-02-14T16:55:41.495Z,0
CVE-2023-6408,https://securityvulnerability.io/vulnerability/CVE-2023-6408,Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability,"A vulnerability exists in Schneider Electric's communication systems which allows for improper enforcement of message integrity during transmission, potentially enabling attackers to execute Man-in-the-Middle attacks. This flaw raises serious concerns for the confidentiality and integrity of data as unauthorized entities might intercept and manipulate communications.
If exploited, this vulnerability can result in significant disruptions and a dangerous compromise of sensitive information within the affected systems.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, Excluding M580 Cpu Safety),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Ecostruxure Control Expert,Ecostruxure Process Expert",8.1,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2024-02-14T16:52:24.805Z,0
CVE-2023-6409,https://securityvulnerability.io/vulnerability/CVE-2023-6409,Unauthorized Access to Project File via Hard-coded Credentials,"A vulnerability exists in EcoStruxure Control Expert that involves the use of hard-coded credentials, leading to potential unauthorized access to projects secured by application passwords. This flaw allows attackers who exploit it to gain access to sensitive project files, compromising the overall security of the application and the integrity of the affected projects. It is crucial for users to evaluate their security measures and implement necessary updates to mitigate potential risks associated with this vulnerability.",Schneider Electric,"EcoStruxure Control Expert,EcoStruxure Process Expert",7.7,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-02-14T16:47:05.519Z,0
CVE-2022-45789,https://securityvulnerability.io/vulnerability/CVE-2022-45789,Authentication Bypass Vulnerability in EcoStruxure Controllers by Schneider Electric,"An authentication bypass vulnerability allows unauthorized execution of Modbus functions on Schneider Electric controllers. By hijacking an authenticated Modbus session, attackers can exploit this flaw, enabling them to execute unauthorized commands across various EcoStruxure products, including EcoStruxure Control Expert and EcoStruxure Process Expert, as well as Modicon CPUs.
This poses significant risks to industrial control systems and requires immediate attention to secure affected systems.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s)",8.1,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2023-01-31T00:00:00.000Z,0
CVE-2022-45788,https://securityvulnerability.io/vulnerability/CVE-2022-45788,Improper Condition Check in EcoStruxure Control Expert and Modicon Products,"A vulnerability exists within Schneider Electric's EcoStruxure Control Expert and various Modicon products due to improper checks for unusual or exceptional conditions. When a malicious project file is loaded onto the controller, it can lead to extensive security risks, including arbitrary code execution, potential denial of service, and a compromise of confidentiality and integrity. The scope of this vulnerability spans multiple versions of several products, indicating a widespread potential impact across Schneider Electric's portfolio.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*) And Premium Cpus (tsxp57*)",7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-37300,https://securityvulnerability.io/vulnerability/CVE-2022-37300,Weak Password Recovery Mechanism in EcoStruxure Control Expert and Modicon CPUs,"A vulnerability exists due to a weak password recovery mechanism that enables unauthorized access with read and write capabilities to the controller through Modbus communication.
This can compromise the integrity and security of industrial control systems, affecting products like EcoStruxure Control Expert and various Modicon CPUs, posing significant risks for operational technology environments.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu,Modicon M580 Cpu",9.8,CRITICAL,0.002630000002682209,false,,false,false,false,,,false,false,,2022-09-12T17:40:10.000Z,0
CVE-2021-22797,https://securityvulnerability.io/vulnerability/CVE-2021-22797,Path Traversal Vulnerability in EcoStruxure Control Expert and Related Products from Schneider Electric,"A path traversal vulnerability exists in Schneider Electric's EcoStruxure Control Expert and other related products. This flaw allows an attacker to exploit the software by deploying malicious scripts to unauthorized locations on the engineering workstation. The issue arises when a malicious project file is loaded, potentially leading to code execution within the system, compromising its integrity and security. Affected versions include EcoStruxure Control Expert up to V15.0 SP1, EcoStruxure Process Expert up to 2020, and all versions of SCADAPack RemoteConnect for x70.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Scadapack Remoteconnect For X70",7.8,HIGH,0.004269999917596579,false,,false,false,false,,,false,false,,2022-04-13T16:15:00.000Z,0
CVE-2022-24323,https://securityvulnerability.io/vulnerability/CVE-2022-24323,Improper Condition Checks in EcoStruxure Controllers by Schneider Electric,"A vulnerability exists in the communication between EcoStruxure controllers and their engineering software, where improper checks during certain conditions may allow attackers to intercept and manipulate Modbus response data.
This could lead to potential disruptions, making devices vulnerable to unauthorized control and exposing critical system operations to risks.",Schneider Electric,"Ecostruxure Process Expert,Ecostruxure Control Expert",5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-03-09T23:05:14.000Z,0
CVE-2021-22782,https://securityvulnerability.io/vulnerability/CVE-2021-22782,Missing Encryption of Sensitive Data Vulnerability in EcoStruxure Control Expert and Process Expert from Schneider Electric,"A vulnerability in EcoStruxure Control Expert and EcoStruxure Process Expert allows unauthorized access to sensitive data, including network and process information, as well as credentials and intellectual property. This occurs due to missing encryption when an attacker gains access to project files, leading to potential data breaches and disclosure of confidential information.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:56.000Z,0
CVE-2021-22781,https://securityvulnerability.io/vulnerability/CVE-2021-22781,Insufficiently Protected Credentials in EcoStruxure Control Expert and EcoStruxure Process Expert,"The vulnerability involves insufficient protection of SMTP credentials used for mailbox authentication within Schneider Electric's EcoStruxure Control Expert, EcoStruxure Process Expert, and related products. When an attacker gains access to a project file, they can potentially expose sensitive credentials, allowing unauthorized access to email communication channels.
This incident underscores the importance of implementing robust security measures to safeguard sensitive information within automation software.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:51.000Z,0
CVE-2021-22780,https://securityvulnerability.io/vulnerability/CVE-2021-22780,Insufficiently Protected Credentials in EcoStruxure Control Expert and Process Expert by Schneider Electric,"A vulnerability in Schneider Electric's EcoStruxure Control Expert and Process Expert allows unauthorized users to bypass password protection on project files. When these files are shared with untrusted sources, attackers can exploit insufficiently protected credentials to gain access, view, and modify sensitive information. This poses significant security risks, particularly in environments where data integrity and confidentiality are paramount.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",7.1,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:46.000Z,0
CVE-2021-22779,https://securityvulnerability.io/vulnerability/CVE-2021-22779,Authentication Bypass Vulnerability in Schneider Electric EcoStruxure Products,"A significant vulnerability exists in various Schneider Electric EcoStruxure products, enabling attackers to exploit an authentication bypass by spoofing the Modbus communication. This flaw allows unauthorized individuals to gain read and write access to controllers, raising critical security concerns for industrial environments.
The vulnerability affects multiple product lines, including EcoStruxure Control Expert, Unity Pro, and various Modicon CPUs, emphasizing the need for prompt action to mitigate risks.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Control Expert V15.0 Sp1, Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), Scadapack Remoteconnect For X70 (all Versions), Modicon M580 Cpu (all Versions - Part Numbers Bmep* And Bmeh*), Modicon M340 Cpu (all Versions - Part Numbers Bmxp34*)",9.1,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2021-07-14T14:26:41.000Z,0
CVE-2021-22778,https://securityvulnerability.io/vulnerability/CVE-2021-22778,Insufficiently Protected Credentials in EcoStruxure Control Expert and Process Expert by Schneider Electric,"A vulnerability in EcoStruxure Control Expert and EcoStruxure Process Expert allows unauthorized users to access and potentially modify protected derived function blocks. This issue affects all versions of EcoStruxure Control Expert prior to V15.0 SP1, all versions of Unity Pro, as well as all iterations of EcoStruxure Process Expert, EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70. The flaw may lead to unauthorized users gaining access to sensitive project files, posing serious safety and operational risks.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",7.1,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:35.000Z,0