Type SCADA Software

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector »

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication »

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (380): ABB CP635 HMI, ABB HMI, ABB MicroSCADA, ABB MicroSCADA Pro SYS600, ABB Programmable Logic Controller, Advantech HMI Designer, Advantech NMS, Advantech SCADA, Advantech WebAccess, Advantech WebAccess Dashboard, Advantech WebAccess HMI Designer, Advantech WebAccess Node, Advantech WebAccess SCADA, Advantech WebAccess Scada Node, AVEVA InduSoft Web Studio, AVEVA InTouch Edge HMI, Aveva InTouch Edge HMI, BLF-Tech VisualView HMI, C-More HMI EA9, C3-ilex EOScada, Certec atvise scada, CirCarLife Scada, Citect CitectSCADA, CODESYS Control V3, CODESYS HMI V3, Controlmicrosystems ClearSCADA, Ecava IntegraXor, Ecava IntegraXor SCADA Server, Emerson OpenEnterprise SCADA Server, FoxView HMI SCADA, Fultek WinTr Scada, GE Digital CIMPLICITY HMI-SCADA, GE Intelligent Platforms Proficy Hmi, GE Proficy HMI, GE SCADA-CIMPLICITY, GE scada Cimplicity, GE scada Ifix, General Electric Digital Proficy HMI, General Electric Proficy Historian, General Electric Proficy HMI, General Electric Proficy HMI-SCADA iFIX, General Electric SCADA CIMPLICITY, Geovap Reliance SCADA, HMI UCanCode, INDAS Web SCADA, InduSoft Web Studio, Intellicom Netbiter Webscada Ws200, LAquis SCADA, LAquis SCADA, LCDS LAquis SCADA, LCDS LTDA ME LAquis SCADA, LeviStudio HMI Editor, MatrikonOPC SCADA DNP3 OPC Server, Measuresoft ScadaPro, Measuresoft ScadaPro Server, Modicon , Modicon BMXNOR0200, Modicon Controller, Modicon EcoStruxure Control ExpertUnity Pro, Modicon Ethernet Module BMENOC0301, Modicon M218, Modicon M241, Modicon M251, Modicon M258, Modicon M340, Modicon M580, Modicon M580 CPU BMEP582040, Modicon Modicon M580, Modicon Premium, Modicon Quantum PLC, Modicon Quantum PLCs, mySCADA myPRO, Nordex Control 2 SCADA, Nordex Nordex Control 2 Scada, Omron Ns12 Hmi Terminal, Phoenix Contact Programmable Logic Controller, Rapid Scada, Red Lion HMI Panel, Reliance 4 HMI, Reliance 4 SCADA, RLE Nova-Wind Turbine HMI, Sauter NovaWeb web HMI, ScadaBR, Scadaengine BACnet OPC Client, Scadatec Procyon SCADA, SCADA Engine BACnet OPC, Schneider Electric 66074 MGE Network Management Card, Schneider Electric Andover Continuum, Schneider Electric ATV IMC Drive Controller, Schneider Electric BMXNOR0200, Schneider Electric BMXNOR0200H Ethernet Serial RTU Module, Schneider Electric CitectSCADA, Schneider Electric Citectscada Reports, Schneider Electric ClearSCADA, Schneider Electric ConneXium, Schneider Electric Cove, Schneider Electric Device Type Manager, Schneider Electric Easergy T300, Schneider Electric EcoStruxure Building Operation Enterprise Server Installer, Schneider Electric EcoStruxure Building Operation WebReports, Schneider Electric EcoStruxure Building Operation WebStation, Schneider Electric EcoStruxure Control Expert, Schneider Electric EcoStruxure Enterprise Central Installer, Schneider Electric EcoStruxure Geo SCADA Expert, Schneider Electric EcoStruxure Machine Expert, Schneider Electric EcoStruxure Operator Terminal Expert, Schneider Electric ETG3000, Schneider Electric Floating License Manager, Schneider Electric GUIcon, Schneider Electric HMI Panel HMIGTO, Schneider Electric HMI Panel HMIGTU, Schneider Electric HMI Panel HMIGTUX, Schneider Electric HMI Panel HMIGXO, Schneider Electric HMI Panel HMIGXU, Schneider Electric HMI Panel HMISCU, Schneider Electric HMI Panel HMISTO, Schneider Electric HMI Panel HMISTU, Schneider Electric HMI Panel XBTGH, Schneider Electric HMI Panel XBTGT, Schneider Electric homeLYnk, Schneider Electric IGSS Definition, Schneider Electric IGSS Mobile Application, Schneider Electric InduSoft Web Studio, Schneider Electric Interactive Graphical SCADA System, Schneider Electric InTouch Machine Edition, Schneider Electric ION73XX, Schneider Electric ION75XX, Schneider Electric ION76XX, Schneider Electric ION8650, Schneider Electric ION8800, Schneider Electric IOS Smart Meter, Schneider Electric Kerweb, Schneider Electric LANDAC II-2, Schneider Electric Magelis, Schneider Electric Magelis XBT HMI, Schneider Electric MiCOM Px4x, Schneider Electric MiCOM S1 Studio, Schneider Electric Modbus Serial Driver, Schneider Electric Modicon 140CRA, Schneider Electric Modicon BMENOC 0311, Schneider Electric Modicon BMENOC 0321, Schneider Electric Modicon BMxCRA, Schneider Electric Modicon BMXNOC0401, Schneider Electric Modicon BMXNOE0100, Schneider Electric Modicon BMXNOE0110, Schneider Electric Modicon BMXNOE0110H, Schneider Electric Modicon BMXNOR0200H, Schneider Electric Modicon BMXP342020, Schneider Electric Modicon BMXP342020H, Schneider Electric Modicon BMXP342030, Schneider Electric Modicon BMXP342030H, Schneider Electric Modicon BMXP3420302, Schneider Electric Modicon BMXP3420302H, Schneider Electric Modicon LMC058, Schneider Electric Modicon LMC078, Schneider Electric Modicon M100, Schneider Electric Modicon M200, Schneider Electric Modicon M218 Logic Controller, Schneider Electric Modicon M221, Schneider Electric Modicon M241, Schneider Electric Modicon M251, Schneider Electric Modicon M258, Schneider Electric Modicon M340, Schneider Electric Modicon M340 BMX, Schneider Electric Modicon M340 Communication Module, Schneider Electric Modicon M340 CPU, Schneider Electric Modicon M580, Schneider Electric Modicon Modbus Protocol, Schneider Electric Modicon PLC, Schneider Electric Modicon PLC Ethernet module, Schneider Electric Modicon Premium , Schneider Electric Modicon Premium, Schneider Electric Modicon Premium Communication Module, Schneider Electric Modicon Premium CPU, Schneider Electric Modicon Premium Legacy, Schneider Electric Modicon Quantum, Schneider Electric Modicon Quantum 140 NOE771x1, Schneider Electric Modicon Quantum Communication Module, Schneider Electric Modicon Quantum CPU, Schneider Electric Modicon Quantum PLC, Schneider Electric Modicon Quantum Plc, Schneider Electric Modicon TM221CE16R, Schneider Electric OFS, Schneider Electric PacDrive Eco , Schneider Electric PacDrive Pro, Schneider Electric PacDrive Pro2, Schneider Electric Pelco Endura NET55XX Encoder, Schneider Electric Pelco Sarix Professional, Schneider Electric PM5XXX, Schneider Electric PowerChute Business Edition, Schneider Electric PowerLogic PM8ECC, Schneider Electric PowerLogic PM5560, Schneider Electric PowerSCADA Anywhere, Schneider Electric Power SCADA Operation, Schneider Electric ProClima, Schneider Electric Programmable Logic Controller, Schneider Electric Quantum Ethernet Module 140noe77100, Schneider Electric SCADAPack 7x Remote Connect, Schneider Electric SCADAPack x70 Security Administrator, Schneider Electric SCADA Expert ClearSCADA, Schneider Electric SCADA Software, Schneider Electric SFAPV9601 APC Easy UPS On-Line Software, Schneider Electric Software Update Utility, Schneider Electric SoMachine, Schneider Electric SoMachine Basic, Schneider Electric SoMachine HVAC, Schneider Electric SoMove, Schneider Electric SoMove Software, Schneider Electric spaceLYnk, Schneider Electric StruxureOn Gateway, Schneider Electric StruxureWare Building Expert MPM, Schneider Electric StruxureWare Data Center Expert, Schneider Electric Tableau Desktop, Schneider Electric Tableau Server, Schneider Electric TCM, Schneider Electric Telemecanique Driver Pack, Schneider Electric Telvent Sage, Schneider Electric Telvent Sage 3030, Schneider Electric Triconex Tricon MP 3008, Schneider Electric TriStation, Schneider Electric TriStation 1131, Schneider Electric Unity Pro, Schneider Electric VAMPSET, Schneider Electric Vijeo Citect, Schneider Electric Vijeo Designer, Schneider Electric Vijeo Designer Basic, Schneider Electric Wiser for KNX, Schneider Electric Wonderware Historian, Schneider Electric Wonderware Historian Client, Schneider Electric Wonderware InTouch, Schneider Electric ZelioSoft2, Sielco Sistemi Winlog Lite SCADA, Sielco Sistemi Winlog Pro SCADA, Siemens CP1604, Siemens CP1616, Siemens dp, Siemens dp Cpu, Siemens HMI Mobile Panel, Siemens HMI Multi Panel, Siemens KTK ATE530S, Siemens L, Siemens Opcenter Execution Discrete, Siemens Opcenter Execution Foundation, Siemens Opcenter Execution Process, Siemens Opcenter Intelligence, Siemens Opcenter Quality, Siemens Opcenter RD, Siemens OpenPCS, Siemens OpenPCS 7, Siemens Programmable Logic Controller, Siemens RFID 181-EIP, Siemens RuggedCom WiMAX, Siemens Scalance X-200, Siemens SCALANCE X-200, Siemens SCALANCE X-200IRT, Siemens Scalance X-200 IRT, Siemens Scalance X-204RNA, Siemens SCALANCE X-300, Siemens Scalance X-300, Siemens Scalance X-408, Siemens Scalance X-414, Siemens SCALANCE X-443-1, Siemens SIAMTIC RF185C, Siemens SIDOOR ATD430W, Siemens SIDOOR ATE530S COATED, Siemens SIDOOR ATE531S, Siemens SIMATIC, Siemens SIMATIC BATCH, Siemens SIMATIC CP343-1 Advanced, Siemens SIMATIC CP443-1, Siemens SIMATIC CP443-1 Advanced, Siemens SIMATIC CP443-1 OPC, Siemens SIMATIC CP443-1 OPC UA, Siemens SIMATIC CP 44x-1 RNA, Siemens SIMATIC CP 343-1, Siemens SIMATIC CP 443-1, Siemens SIMATIC CP 443-1 Advanced, Siemens SIMATIC CP 1543-1, Siemens SIMATIC ET, Siemens SIMATIC ET200MP IM155-5 PN HF, Siemens SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF, Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC, Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2, Siemens SIMATIC ET 200 Open Controller CPU 1515SP PC2, Siemens SIMATIC ET 200 SP Open Controller CPU 1515SP PC, Siemens SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, Siemens SIMATIC HMI Basic Panel, Siemens SIMATIC HMI Comfort Outdoor Panel, Siemens SIMATIC HMI Comfort Panel, Siemens SIMATIC HMI KTP700F Mobile Arctic, Siemens SIMATIC HMI KTP Mobile Panel, Siemens SIMATIC HMI Mobile Panel, Siemens SIMATIC HMI panel, Siemens SIMATIC HMI United Comfort Panel, Siemens SIMATIC Ident MV420, Siemens SIMATIC Ident MV440, Siemens SIMATIC IPC DiagMonitor, Siemens SIMATIC IT LMS, Siemens SIMATIC IT Production Suite, Siemens SIMATIC IT UADM, Siemens SIMATIC IT UA Discrete Manufacturing, Siemens SIMATIC Logon, Siemens SIMATIC NET PC-Software, Siemens SIMATIC NET PC Software, Siemens SIMATIC Notifier Server for Windows, Siemens SIMATIC PCS7, Siemens SIMATIC PCS 7, Siemens SIMATIC PCS neo, Siemens SIMATIC PDM, Siemens SIMATIC Prosave, Siemens SIMATIC RF-MANAGER 2008, Siemens SIMATIC RF180C, Siemens SIMATIC RF182C, Siemens SIMATIC RF188C, Siemens Simatic RF192C, Siemens SIMATIC RF600R, Siemens SIMATIC RTLS Locating Manager, Siemens SIMATIC S7, Siemens SIMATIC S7-200 SMART CPU, Siemens SIMATIC S7-300, Siemens SIMATIC S7-300 Cpu, Siemens SIMATIC S7-300 CPU, Siemens SIMATIC S7-300 PN, Siemens SIMATIC S7-300 PN-DP CPU, Siemens SIMATIC S7-400, Siemens SIMATIC S7-400H, Siemens SIMATIC S7-400H V6, Siemens SIMATIC S7-400 CPU, Siemens SIMATIC S7-400 Cpu 414-3 Pn, Siemens SIMATIC S7-400 Cpu 414f-3 Pn, Siemens SIMATIC S7-400 PN, Siemens SIMATIC S7-400 PN-DP V7, Siemens SIMATIC S7-400 PN-DP V7 CPU, Siemens SIMATIC S7-410, Siemens SIMATIC S7-1200, Siemens SIMATIC S7-1200 CPU, Siemens SIMATIC S7-1200 Plc, Siemens SIMATIC S7-1200 PLC, Siemens SIMATIC S7-1500, Siemens SIMATIC S7-1500 Cpu, Siemens SIMATIC S7-1500 CPU, Siemens SIMATIC S7-1500 Software Controller, Siemens SIMATIC S7-1518-4 Pn, Siemens SIMATIC S7-PLCSIM Advanced, Siemens SIMATIC S7 1200 Cpu, Siemens SIMATIC S7 Cpu-1211c, Siemens SIMATIC S7 Cpu 1200, Siemens SIMATIC STEP 7, Siemens SIMATIC Step 7, Siemens SIMATIC TDC CP51M1, Siemens SIMATIC Tiaportal, Siemens SIMATIC WinCC, Siemens SIMATIC WinCC Flexible, Siemens SIMATIC WinCC OA, Siemens SIMATIC Wincc Open Architecture, Siemens SIMATIC WinCC Professional, Siemens SIMATIC Wincc Runtime, Siemens SIMATIC WinCC Runtime Advanced, Siemens SIMATIC WinCC Runtime Professional, Siemens SIMATIC WinCC Sm@rtClient, Siemens SIMOCODE ES, Siemens SINAMICS, Siemens SINAMICS STARTER, Siemens SINEC, Siemens SINEMA, Siemens SINUMERIK, Siemens SINUMERIK 840D sl, Siemens Soft Starter ES, Siemens SPPA-T3000 MS3000 Migration Server, Siemens WinCC, SIMPlight SCADA Software, SpiderControl SCADA MicroBrowser, Trianglemicroworks SCADA Data Gateway, Triangle MicroWorks SCADA Data Gateway, Trihedral VTScada, WECON LeviStudio HMI, WECON LEVI Studio HMI Editor, WECON Technology PI Studio, WECON Technology PI Studio HMI, WellinTech KingSCADA

PublishedBaseTempVulnerabilityProdExpRemCTICVE
11/20/20206.36.3Schneider Electric EcoStruxure Building Operation WebReports Access Control access controlEcoStruxure Building Operation WebReportsNot DefinedNot Defined0.20CVE-2020-7573
11/20/20206.36.3Schneider Electric EcoStruxure Building Operation WebReports XML External Entity xml external entity referenceEcoStruxure Building Operation WebReportsNot DefinedNot Defined0.00CVE-2020-7572
11/20/20203.53.5Schneider Electric EcoStruxure Building Operation WebReports Web Page Generation cross site scriptingEcoStruxure Building Operation WebReportsNot DefinedNot Defined0.06CVE-2020-7571
11/20/20203.53.5Schneider Electric EcoStruxure Building Operation WebReports Web Page Generation cross site scriptingEcoStruxure Building Operation WebReportsNot DefinedNot Defined0.06CVE-2020-7570
11/20/20206.36.3Schneider Electric EcoStruxure Building Operation WebReports unrestricted uploadEcoStruxure Building Operation WebReportsNot DefinedNot Defined0.06CVE-2020-7569
11/20/20203.53.5Schneider Electric Modicon M221 information disclosureModicon M221Not DefinedNot Defined0.00CVE-2020-7568
11/20/20203.53.5Schneider Electric Modicon M221 missing encryptionModicon M221Not DefinedNot Defined0.06CVE-2020-7567
11/20/20203.53.5Schneider Electric Modicon M221 random valuesModicon M221Not DefinedNot Defined0.06CVE-2020-7566
11/20/20203.13.1Schneider Electric Modicon M221 inadequate encryptionModicon M221Not DefinedNot Defined0.06CVE-2020-7565
11/20/20206.36.3Schneider Electric Easergy T300 access controlEasergy T300Not DefinedNot Defined0.06CVE-2020-7561
11/20/20205.55.5Schneider Electric EcoStruxure Control Expert PLC Simulator buffer overflowEcoStruxure Control ExpertNot DefinedNot Defined0.04CVE-2020-7559
11/20/20206.36.3Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds writeIGSS DefinitionNot DefinedNot Defined0.07CVE-2020-7558
11/20/20204.34.3Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds readIGSS DefinitionNot DefinedNot Defined0.04CVE-2020-7557
11/20/20206.36.3Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds writeIGSS DefinitionNot DefinedNot Defined0.00CVE-2020-7556
11/20/20206.36.3Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds writeIGSS DefinitionNot DefinedNot Defined0.04CVE-2020-7555
11/20/20206.36.3Schneider Electric IGSS Definition Configuration Group File Def.exe memory corruptionIGSS DefinitionNot DefinedNot Defined0.07CVE-2020-7554
11/20/20206.36.3Schneider Electric IGSS Definition Configuration Group File Def.exe out-of-bounds writeIGSS DefinitionNot DefinedNot Defined0.00CVE-2020-7553
11/20/20206.36.3Schneider Electric IGSS Definition Configuration Def.exe memory corruptionIGSS DefinitionNot DefinedNot Defined0.00CVE-2020-7552
11/20/20206.36.3Schneider Electric IGSS Definition Configuration Def.exe memory corruptionIGSS DefinitionNot DefinedNot Defined0.00CVE-2020-7551
11/20/20206.36.3Schneider Electric IGSS Definition Def.exe memory corruptionIGSS DefinitionNot DefinedNot Defined0.00CVE-2020-7550
11/20/20205.55.5Schneider Electric EcoStruxure Operator Terminal Expert privileges managementEcoStruxure Operator Terminal ExpertNot DefinedNot Defined0.04CVE-2020-7544
11/20/20203.53.5Schneider Electric EcoStruxure Control Expert PLC Simulator improper check for unusual conditionsEcoStruxure Control ExpertNot DefinedNot Defined0.04CVE-2020-7538
11/20/20203.53.5Schneider Electric EcoStruxure Control Expert PLC Simulator code downloadEcoStruxure Control ExpertNot DefinedNot Defined0.00CVE-2020-28213
11/20/20205.35.3Schneider Electric EcoStruxure Control Expert PLC Simulator excessive authenticationEcoStruxure Control ExpertNot DefinedNot Defined0.04CVE-2020-28212
11/20/20206.36.3Schneider Electric EcoStruxure Control Expert PLC Simulator authorizationEcoStruxure Control ExpertNot DefinedNot Defined0.00CVE-2020-28211

Do you know our Splunk app?

Download it now for free!