CVE-2022-30937

CVE-2022-30937 affects Siemens EN100 Ethernet Module variants: DNP3 IP, IEC 104, IEC 61850 (all versions prior to 4.37), Modbus TCP, and PROFINET IO. The issue is a memory corruption vulnerability in the HTTP parsing of the /txtrace endpoint, which could crash the affected application and cause a...

PT-2022-20395 · Unknown · En100 Ethernet Module Modbus Tcp Variant +4

Name of the Vulnerable Software and Affected Versions: EN100 Ethernet module DNP3 IP variant All versions EN100 Ethernet module IEC 104 variant All versions EN100 Ethernet module IEC 61850 variant All versions prior to V4.37 EN100 Ethernet module Modbus TCP variant All versions EN100 Ethernet...

Siemens EN100 Ethernet Module

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Siemens SIPROTEC Information Disclosure (CVE-2016-4784)

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Schneider Electric Modicon Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-7838)

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FT...

Siemens SIPROTEC Information Disclosure (CVE-2016-4785)

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Siemens (CVE-2016-7112) (deprecated)

Plugin deprecated because en ethernetmodule is not detectable in this way This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2023/03/10. Deprecated...

Siemens EN100 Ethernet Module Improper Neutralization of Input During Web Page Generation (CVE-2019-13943)

A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...

Schneider Electric Quantum Ethernet Module Improper Authentication (CVE-2011-4860)

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a ...

Schneider Electric Quantum Ethernet Module Permissions, Privileges, and Access Controls (CVE-2011-4861)

The modbus125handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502. This plugin only works with Tenable.ot. Please visit...

Mitsubishi Electric MELSEC-Q Series Ethernet Module Uncontrolled Resource Consumption (CVE-2019-10977)

In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 serial number 20121 and prior, an attacker could send crafted TCP packets against the FTP service, forcing the target devices to enter an error mode and cause a denial-of-service condition. This plugin only works with Tenable.ot...

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module Missing Authentication For Critical Function (CVE-2018-4840)

A vulnerability has been identified in DIGSI 4 All versions V4.92, EN100 Ethernet module DNP3 variant All versions V1.05.00, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module Modbus TCP variant All versions, EN100...

Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays Improper Input Validation (CVE-2018-16563)

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module All versions V4.35, Firmware variant MODBUS TCP for EN100 Ethernet module All versions, Firmware variant DNP3 TCP for EN100 Ethernet module All versions, Firmware variant IEC104 for EN100 Ethernet module A...

Schneider Electric Quantum Ethernet Module Hard-Coded Credentials (CVE-2011-4859)

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...

The vulnerability of the WISE-4060 Ethernet module’s microprogramming software, related to shortcomings in password change procedures via the web server, allows a hacker to gain full access to the device with administrator privileges.

The vulnerability of the WISE-4060 Ethernet module’s microprogramming software is related to deficiencies in the password change process via the web server. Exploiting this vulnerability could allow an attacker to gain full access to the device with administrator privileges...

The vulnerability of the WISE-4060 Ethernet module’s microprogramming software, related to session management errors, allows a intruder to gain unauthorized access to the device.

The vulnerability of the WISE-4060 Ethernet module’s microprogramming software is related to session management errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the device remotely...

Denial of Service Vulnerability in MITSUBISHI FX3U-ENET-L

FX3U-ENET-L has 4 communication channels. Mitsubishi PLC Ethernet Module FX3U-ENET-L supports fixed buffer storage area communication, connection to MELSOFT, communication via MC series, and e-mail delivery. When connecting to MELSOFT, remote maintenance of PLC programs can be realized through GX...

CVE-2020-7477

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 Versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx all Versions, and Premium processors with integrated Ethernet all Versions, which...

PT-2020-19604

Name of the Vulnerable Software and Affected Versions Quantum Ethernet Network module 140NOE771x1 versions 7.0 and prior Quantum processors with integrated Ethernet – 140CPU65xxxxx all versions Premium processors with integrated Ethernet all versions Description A vulnerability exists due to...

CVE-2020-6986

In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result...