Lucene search
K

69 matches found

Tenable Nessus
Tenable Nessus
added 2023/06/29 12:0 a.m.20 views

Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22785)

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

7.5CVSS7.4AI score0.00954EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/29 12:0 a.m.23 views

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Use of a Broken or Risky Cryptographic Algorithm (CVE-2018-7242)

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. This plugin only works with...

9.8CVSS8.4AI score0.01946EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/07/27 12:0 a.m.31 views

Schneider Electric Modicon Insufficient Verification of Data Authenticity (CVE-2022-34763)

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon...

7.5CVSS7.1AI score0.00251EPSS
Exploits0References2
ICS
ICS
added 2022/06/16 12:0 a.m.58 views

AutomationDirect DirectLOGIC with Ethernet

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Ethernet Communication Modules Vulnerabilities: Uncontrolled Resource Consumption, Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED...

9.1CVSS9AI score0.00858EPSS
Exploits0References4
NVD
NVD
added 2022/02/11 6:15 p.m.32 views

CVE-2021-22787

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...

7.5CVSS0.01028EPSS
Exploits0References1
Prion
Prion
added 2022/02/11 6:15 p.m.21 views

Information disclosure

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

5CVSS7.2AI score0.00954EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/02/11 6:15 p.m.14 views

Out-of-bounds

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

5CVSS7.3AI score0.01028EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 5:40 p.m.28 views

CVE-2021-22788

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

7.6AI score0.01028EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.14 views

Schneider Electric Web Server on Modicon M340 Out-of-Bounds Write (CVE-2020-7563)

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...

8.8CVSS8.3AI score0.01073EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/09/14 12:0 a.m.5 views

PT-2021-7529

Name of the Vulnerable Software and Affected Versions Modicon M340 CPUs versions prior to V3.40 Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 H, BMXNOE0110 H, BMXNOC0401, BMXNOR0200H RTU All Versions Modicon Premium Processors with integrated Ethernet Copro: TSXP574634, TSXP575634,...

7.8CVSS7.2AI score0.00954EPSS
Exploits0References6
NVD
NVD
added 2020/12/11 1:15 a.m.25 views

CVE-2020-7540

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...

9.8CVSS9.7AI score0.0222EPSS
Exploits0References1
OSV
OSV
added 2020/12/11 1:15 a.m.4 views

CVE-2020-7539

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause a denial of service...

7.5CVSS7.1AI score0.01181EPSS
Exploits0References1
NVD
NVD
added 2020/12/11 1:15 a.m.31 views

CVE-2020-7541

A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...

5.3CVSS5.3AI score0.00898EPSS
Exploits0References1
OSV
OSV
added 2020/12/11 1:15 a.m.2 views

CVE-2020-7549

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause denial of HTTP and FTP...

5.3CVSS5.8AI score0.01056EPSS
Exploits0References1
Prion
Prion
added 2020/12/11 1:15 a.m.20 views

Design/Logic Flaw

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause denial of HTTP and FTP...

5CVSS5.3AI score0.01056EPSS
Exploits0References1Affected Software10
Prion
Prion
added 2020/12/11 1:15 a.m.27 views

Spoofing

A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...

5CVSS5.3AI score0.00898EPSS
Exploits0References1Affected Software20
Prion
Prion
added 2020/12/11 1:15 a.m.19 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...

7.5CVSS9.6AI score0.0222EPSS
Exploits0References1Affected Software22
Cvelist
Cvelist
added 2020/12/11 12:52 a.m.34 views

CVE-2020-7541

A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...

5.2AI score0.00898EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/12/01 2:47 p.m.17 views

CVE-2020-7533

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests...

9.9AI score0.02301EPSS
Exploits0References1
NVD
NVD
added 2020/11/18 2:15 p.m.19 views

CVE-2020-7563

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...

8.8CVSS9AI score0.01073EPSS
Exploits0References1
Rows per page
Query Builder