69 matches found
Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22785)
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...
Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Use of a Broken or Risky Cryptographic Algorithm (CVE-2018-7242)
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. This plugin only works with...
Schneider Electric Modicon Insufficient Verification of Data Authenticity (CVE-2022-34763)
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon...
AutomationDirect DirectLOGIC with Ethernet
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Ethernet Communication Modules Vulnerabilities: Uncontrolled Resource Consumption, Cleartext Transmission of Sensitive Information 2. UPDATE OR REPOSTED...
CVE-2021-22787
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet...
Information disclosure
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...
Out-of-bounds
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...
CVE-2021-22788
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...
Schneider Electric Web Server on Modicon M340 Out-of-Bounds Write (CVE-2020-7563)
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...
PT-2021-7529
Name of the Vulnerable Software and Affected Versions Modicon M340 CPUs versions prior to V3.40 Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 H, BMXNOE0110 H, BMXNOC0401, BMXNOR0200H RTU All Versions Modicon Premium Processors with integrated Ethernet Copro: TSXP574634, TSXP575634,...
CVE-2020-7540
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...
CVE-2020-7539
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause a denial of service...
CVE-2020-7541
A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...
CVE-2020-7549
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause denial of HTTP and FTP...
Design/Logic Flaw
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause denial of HTTP and FTP...
Spoofing
A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...
CVE-2020-7541
A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...
CVE-2020-7533
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests...
CVE-2020-7563
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...