Vulnerabilities > Schneider Electric > Unity PRO
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-11 | CVE-2020-7560 | Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert and Unity PRO A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software. | 8.6 |
| 2020-03-23 | CVE-2020-7475 | Injection vulnerability in Schneider-Electric products A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. | 9.8 |
| 2020-01-06 | CVE-2019-6855 | Incorrect Authorization vulnerability in Schneider-Electric products Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. | 7.3 |
| 2017-02-13 | CVE-2016-8354 | Code Injection vulnerability in Schneider-Electric Unity PRO 11.0/6.0/7.0 An issue was discovered in Schneider Electric Unity PRO prior to V11.1. | 7.0 |