Known Vulnerabilities
CVE-2023-27975
CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation.
HIGH
CVSS 7.1
Published Feb 14, 2024
CVE-2023-6408
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
HIGH
CVSS 8.1
Published Feb 14, 2024
CVE-2023-6409
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.
HIGH
CVSS 7.7
Published Feb 14, 2024