Vulnerabilities > Schneider Electric > Ecostruxure Control Expert > 14.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-13 | CVE-2021-22797 | Path Traversal vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal) vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the engineering software. | 9.3 |
| 2022-03-09 | CVE-2022-24322 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Ecostruxure Control Expert 14.0/14.1/15.0 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software when an attacker is able to intercept and manipulate specific Modbus response data. | 4.3 |
| 2022-03-09 | CVE-2022-24323 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a disruption of communication between the Modicon controller and the engineering software, when an attacker is able to intercept and manipulate specific Modbus response data. | 4.3 |
| 2020-01-06 | CVE-2019-6855 | Incorrect Authorization vulnerability in Schneider-Electric products Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. | 7.5 |