
69 matches found

RedhatCVE
added 2026/01/09 9:58 a.m. | 6 views

CVE-2020-7539

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service...

7.5 CVSS | 7 AI score | 0.00393 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-15423

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00333 EPSS
Exploits 0 | References 1

OSV
added 2025/09/09 1:15 p.m. | 0 views

CVE-2025-8007

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:52 p.m. | 5 views

CVE-2020-7562

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file ...

8.1 CVSS | 7.4 AI score | 0.00472 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 12:14 p.m. | 3 views

CVE-2012-6435

When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause loss of availabili...

7.8 CVSS | 6.4 AI score | 0.06991 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 12:13 p.m. | 6 views

CVE-2012-6440

The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell...

9.3 CVSS | 6.6 AI score | 0.01169 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 10:25 a.m. | 7 views

CVE-2019-10930

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions , DIGSI 5 engineering software All versions V7.90, SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,...

7.5 CVSS | 6.8 AI score | 0.00472 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 4:17 a.m. | 7 views

CVE-2019-10931

A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules All versions , DIGSI 5 engineering software All versions V7.90, SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87,...

7.5 CVSS | 6.6 AI score | 0.00362 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:23 a.m. | 6 views

CVE-2012-6437

The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and...

10 CVSS | 6.6 AI score | 0.11818 EPSS
Exploits 0 | References 1

NCSC
added 2025/01/16 11:46 a.m. | 3 views

Vulnerabilities fixed in Schneider Electric Modicon

Schneider Electric has fixed vulnerabilities in Modicon M340, M580 and various communication modules. A malicious party could exploit the vulnerabilities to cause a denial-of-service or gain access to system data and possibly affect the operation of the controllers. For successful abuse, the...

8.8 CVSS | 7.3 AI score | 0.0072 EPSS
Exploits 0 | References 2

ICS
added 2023/09/21 6:0 a.m. | 27 views

Rockwell Automation Select Logix Communication Modules

1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR,...

9.8 CVSS | 10 AI score | 0.04482 EPSS
Exploits 0 | References 8

Vulnrichment
added 2023/07/12 12:51 p.m. | 18 views

CVE-2023-3596 Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service

Where this vulnerability exists in the Rockwell Automation 1756-EN4 Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages...

7.5 CVSS | 7 AI score | 0.022 EPSS
Exploits 0 | References 1

Cvelist
added 2023/07/12 12:37 p.m. | 18 views

CVE-2023-3595 Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution

Where this vulnerability exists in the Rockwell Automation 1756 EN2 and 1756 EN3 ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modif...

9.8 CVSS | 9.9 AI score | 0.39397 EPSS
Exploits 0 | References 1

CISA
added 2023/07/12 12:0 p.m. | 2 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Critical Industrial Control Systems (ICS) advisory on July 12, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-193-01 Rockwell Automation Select Communication Modules. CISA encourages users and...

7 AI score
Exploits 0 | References 1

Tenable Nessus
added 2023/06/29 12:0 a.m. | 18 views

Schneider Electric Modicon Cross-Site Request Forgery (CVE-2020-7534)

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 All Versions, Modicon Quantum CPUs with...

8.8 CVSS | 8 AI score | 0.00177 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2023/06/29 12:0 a.m. | 16 views

Schneider Electric Modicon Improper Check for Unusual or Exceptional Conditions (CVE-2020-7549)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP...

7.5 CVSS | 5.7 AI score | 0.00536 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2023/06/29 12:0 a.m. | 19 views

Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22785)

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

7.5 CVSS | 7.4 AI score | 0.00402 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2023/06/29 12:0 a.m. | 19 views

Schneider Electric Modicon Path Traversal (CVE-2020-7535)

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' Vulnerability Type vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions),...

7.5 CVSS | 7.8 AI score | 0.00426 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2023/06/29 12:0 a.m. | 20 views

Schneider Electric Modicon Out-of-bounds Write (CVE-2021-22788)

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X80 Ethernet Communication Modules:...

7.5 CVSS | 7.4 AI score | 0.01449 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2023/06/29 12:0 a.m. | 22 views

Schneider Electric Modicon Credentials Management Errors (CVE-2020-7533)

A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without...

9.8 CVSS | 8.6 AI score | 0.00233 EPSS
Exploits 0 | References 2