EcoStruxure™ Operator Terminal Expert and Pro-face BLUE Modicon Premium CPU (part numbers TSXP5*, All versions).Modicon Quantum CPU (part numbers 140CPU*, All versions).PLC Simulator for EcoStruxure™ Process Expert including all HDCS versions (All versions).PLC Simulator for EcoStruxure™ Control Expert, including all Unity Pro versions (All versions).Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions).Modicon MC80 (part numbers BMKC80*, all versions).Modicon M340 CPU (part numbers BMXP34*, all versions).Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S, All Versions).Modicon M580 CPU (part numbers BMEP* and BMEH*, prior to SV3.20).Modicon PAC Controllers and PLC Simulator for EcoStruxure™ Control Expert and EcoStruxure™ Process ExpertĬVE-2021-22789, CVE-2021-22790, CVE-2021-22791, CVE-2021-22792ĬWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-125: Out-of-Bounds Read, CWE-787: Out-of-Bounds Write, CWE-476: NULL Pointer Dereference See Security Notification for offer specific information. The impact of a successful exploitation of the vulnerabilities may result in denial of service, or remote code execution, depending on the context. Schneider Electric is aware of multiple memory allocation vulnerabilities dubbed ‘BadAlloc’, disclosed by Microsoft on April 29, 2021. See Security Notification for specific CVEs. Legacy Modicon Quantum (140CPU65*) and Premium CPUs (TSXP57*) (All Versions).Modicon Momentum Unity M1E Processor (171CBU*) (All Versions).Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions).Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions).Modicon M340 CPU (part numbers BMXP34*) (All Versions).EcoStruxure™ Process Expert (Version V2020 & prior).EcoStruxure™ Control Expert (All Versions).EcoStruxure™ Power Monitoring Expert 2022ĮcoStruxure™ Control Expert, EcoStruxure™ Process Expert and Modicon PLCs (Programmable Logic Controllers) and PACs (Programmable Automation Controllers)ĬWE-754: Improper Check for Unusual or Exceptional Conditions.See Security Notification for offer specific information.Schneider Electric is aware of multiple vulnerabilities disclosed on CODESYS runtime system V3 communication server.
Accutech Manager (Version 2.7 and prior).EcoStruxure™ OPC UA Server Expert (Versions prior to SV2.01 SP2)ĬWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow).StruxureWare Data Center Expert (now known as EcoStruxure™ IT Data Center Expert) (v7.9.3 and earlier)ĬWE-611: Improper Restriction of XML External Entity Reference.
0 kommentar(er)
