cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12703,https://securityvulnerability.io/vulnerability/CVE-2024-12703,Deserialization Vulnerability in Schneider Electric Products,"A deserialization vulnerability exists in Schneider Electric products that could allow an authenticated non-admin user to inadvertently execute malicious code. This occurs when the user opens a compromised project file, potentially resulting in exposure to confidential data and integrity risks. Attackers can exploit this vulnerability to manipulate the execution flow, leading to unauthorized access and control over the affected workstation systems.",Schneider Electric,Remoteconnect And Scadapack X70 Utilities,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T10:23:52.108Z,0
CVE-2021-22797,https://securityvulnerability.io/vulnerability/CVE-2021-22797,Path Traversal Vulnerability in EcoStruxure Control Expert and Related Products from Schneider Electric,"A path traversal vulnerability exists in Schneider Electric's EcoStruxure Control Expert and other related products. This flaw allows an attacker to exploit the software by deploying malicious scripts to unauthorized locations on the engineering workstation. The issue arises when a malicious project file is loaded, potentially leading to code execution within the system, compromising its integrity and security. Affected versions include EcoStruxure Control Expert up to V15.0 SP1, EcoStruxure Process Expert up to 2020, and all versions of SCADAPack RemoteConnect for x70.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Scadapack Remoteconnect For X70",7.8,HIGH,0.004269999917596579,false,,false,false,false,,,false,false,,2022-04-13T16:15:00.000Z,0
CVE-2021-22782,https://securityvulnerability.io/vulnerability/CVE-2021-22782,Missing Encryption of Sensitive Data Vulnerability in EcoStruxure Control Expert and Process Expert from Schneider Electric,"A vulnerability in EcoStruxure Control Expert and EcoStruxure Process Expert allows unauthorized access to sensitive data, including network and process information, as well as credentials and intellectual property. This occurs due to missing encryption when an attacker gains access to project files, leading to potential data breaches and disclosure of confidential information.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:56.000Z,0
CVE-2021-22781,https://securityvulnerability.io/vulnerability/CVE-2021-22781,Insufficiently Protected Credentials in EcoStruxure Control Expert and EcoStruxure Process Expert,"The vulnerability involves insufficient protection of SMTP credentials used for mailbox authentication within Schneider Electric's EcoStruxure Control Expert, EcoStruxure Process Expert, and related products. When an attacker gains access to a project file, they can potentially expose sensitive credentials, allowing unauthorized access to email communication channels. This incident underscores the importance of implementing robust security measures to safeguard sensitive information within automation software.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",5.5,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:51.000Z,0
CVE-2021-22780,https://securityvulnerability.io/vulnerability/CVE-2021-22780,Insufficiently Protected Credentials in EcoStruxure Control Expert and Process Expert by Schneider Electric,"A vulnerability in Schneider Electric's EcoStruxure Control Expert and Process Expert allows unauthorized users to bypass password protection on project files. When these files are shared with untrusted sources, attackers can exploit insufficiently protected credentials to gain access, view, and modify sensitive information. This poses significant security risks, particularly in environments where data integrity and confidentiality are paramount.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",7.1,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:46.000Z,0
CVE-2021-22779,https://securityvulnerability.io/vulnerability/CVE-2021-22779,Authentication Bypass Vulnerability in Schneider Electric EcoStruxure Products,"A significant vulnerability exists in various Schneider Electric EcoStruxure products, enabling attackers to exploit an authentication bypass by spoofing the Modbus communication. This flaw allows unauthorized individuals to gain read and write access to controllers, raising critical security concerns for industrial environments. The vulnerability affects multiple product lines, including EcoStruxure Control Expert, Unity Pro, and various Modicon CPUs, emphasizing the need for prompt action to mitigate risks.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Control Expert V15.0 Sp1, Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), Scadapack Remoteconnect For X70 (all Versions), Modicon M580 Cpu (all Versions - Part Numbers Bmep* And Bmeh*), Modicon M340 Cpu (all Versions - Part Numbers Bmxp34*)",9.1,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2021-07-14T14:26:41.000Z,0
CVE-2021-22778,https://securityvulnerability.io/vulnerability/CVE-2021-22778,Insufficiently Protected Credentials in EcoStruxure Control Expert and Process Expert by Schneider Electric,"A vulnerability in EcoStruxure Control Expert and EcoStruxure Process Expert allows unauthorized users to access and potentially modify protected derived function blocks. This issue affects all versions of EcoStruxure Control Expert prior to V15.0 SP1, all versions of Unity Pro, as well as all iterations of EcoStruxure Process Expert, EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70. The flaw may lead to unauthorized users gaining access to sensitive project files, posing serious safety and operational risks.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), And Scadapack Remoteconnect For X70, All Versions",7.1,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2021-07-14T14:26:35.000Z,0