cvedb.io
CVE-2016-8354
HIGH · CVSS 7
EPSS exploitation probability: 0%
Published 2017-02-13T21:59:00.860 · Last modified 2026-06-17T00:54:12.450

Summary

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions.

Affected products

schneider-electric — unity_pro

Does this affect you?

Add your gear to cvedb and we'll alert you only when schneider-electric ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.