A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric Ecostruxure Control Expert
APPSchneider-Electric≤ 14.0Schneider Electric Modicon M340
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Firmware
OSSchneider-Electric< 3.20Schneider Electric Modicon M580
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Firmware
OSSchneider-Electric< 3.10Schneider Electric Unity Pro
APPSchneider-Electricwszystkie wersje
Related vulnerabilities
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on ...
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Mod...