The vulnerability of the Modbus protocol implementation in Schneider Electric Modicon M340 CPU BMXP34 programmable logic controllers allows a perpetrator to carry out a “man-in-the-middle” attack.

The vulnerability of the Modbus protocol implementation in Schneider Electric Modicon M340 CPU BMXP34 programmable logic controllers is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker to carry out a “man-in-the-middle” attack remotely...

The vulnerability of the Modbus protocol implementation in Schneider Electric’s programmable logic controllers (PLCs), such as the Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU, allows a attacker to execute a “man-in-the-middle” attack.

The vulnerability of the Modbus protocol implementation in Schneider Electric’s programmable logic controllers PLCs such as Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU lies in the execution of operations outside the buffer in memory. Exploiting th...

PT-2024-9214 · Schneider Electric · Schneider Electric Modicon M340 Cpu Bmxp34

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 affected versions not specified Description: The issue is related to an authentication bypass vulnerability in the Diffie-Hellman algorithm, which can be exploited to conduct a Man-In-The-Middle atta...

PT-2024-9212 · Schneider Electric · Modicon M340 Cpu Bmxp34

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 affected versions not specified Description: The issue is related to insufficient input validation in the Modbus protocol implementation of the Schneider Electric Modicon M340 CPU BMXP34 programmable...

PT-2024-1606 · Schneider Electric · M580 Cpu Bmeh +4

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, M580 CPU Safety BMEH58S versions affected versions not specified EcoStruxure Control Expert versions affected versions not specified EcoStruxur...

Schneider Electric Modicon Out-of-bounds Write (CVE-2021-22788)

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

CVE-2022-45788

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

CVE-2022-22724

A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 HTTP and 502 Modbus, when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 All Versions...

CVE-2020-7534

CVE-2020-7534 is a CSRF vulnerability affecting Schneider Electric Modicon web servers. Affected products include M340 BMXP34, Quantum CPUs 140CPU65, Premium CPUs TSXP57, M340 ethernet modules BMXNOC0401/BMXNOE01/BMXNOR0200H, and Quantum/Premium factory cast modules 140NOE77111, 140NOC78*00, TSXE...

Schneider Electric Modicon M340 Code Issue Vulnerability

The Schneider Electric Modicon M340 is a mid-range PLC Programmable Logic Controller for industrial processes and infrastructure from Schneider Electric France. A security vulnerability exists in the Modicon that could be exploited by an attacker to cause a denial of service on the device. The...