Schneider Electric Modicon Cross-Site Request Forgery (CVE-2020-7534)

A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 All Versions, Modicon Quantum CPUs with...

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 allows a intruder to execute any code they desire.

The vulnerability of the Factory Cast component of the microprogramming software for Schneider Electric’s Modicon M340 programmable logic controllers arises from insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, who operates remotely and has passed...

Schneider Electric Modicon M340 PLC Station P34 Module HMI Vulnerabilities

Update Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON. The Industrial Control System Cyber Emergency Response Team ICS-CERT released an alert late last week and patches are currently being validated according to ICS-CE...