Ecostruxure machine expert
This hub aggregates every CVE we track for Ecostruxure machine expert, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
18
CVEs tracked
4
Critical
13
High
0
In CISA KEV
Severity distribution
HIGH13CRITICAL4MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Ecostruxure machine expert.
- CVE-2025-5296CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation ...7.3
- CVE-2022-2988A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine ...4.3
- CVE-2021-22704A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmony/HMI Products Configured by Vijeo Designer (all versions prior to V6.2 SP11 ), Vijeo Designer Ba...9.1
- CVE-2021-21869An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted fi...7.8
- CVE-2021-21868An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted...7.8
- CVE-2021-21863A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead ...7.8
- CVE-2021-21866A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially craf...7.8
- CVE-2021-21865A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can ...7.8
- CVE-2021-21864A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially c...7.8
- CVE-2021-22705Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service or unauthorized access to system information when interacting directl...7.8
- CVE-2021-29241CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS).7.5
- CVE-2020-7488A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 co...7.5
- CVE-2020-7487A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.9.8
- CVE-2020-7489A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programm...9.8
- CVE-2018-20034A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a com...7.5
Product normalization is registry-driven with AI assist and human review. How it works