Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NSchneider Electric Ecostruxure Control Expert
APPSchneider-Electric15.0< 15.0Schneider Electric Ecostruxure Process Expert
APPSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp341000
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp341000 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342010
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342010 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342020
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342020 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342030
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342030 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040c
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040c Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040s
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040s Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh584040
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh584040c
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh584040c Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh584040 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh584040s
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh584040s Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh586040
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh586040c
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh586040c Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh586040 Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh586040s
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh586040s Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmep581020
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmep581020 Firmware
OSSchneider-Electricwszystkie wersje
Related vulnerabilities
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340...
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webse...
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on ...