EUVD-2019-16374

Malware in sbrugna...

The vulnerability in the implementation of the SSH network protocol for the microprogramming-based software of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 allows a hacker to execute arbitrary commands.

The vulnerability of the SSH network protocol implementation in the microprogramming-based software for industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the lack of measures to neutralize special elements used in operating system commands...

The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500, related to the storage of passwords in an open manner, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the storage of passwords in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access ...

Billion Electric多款产品 安全漏洞

Billion Electric M100 and others are a wireless router from China-based Shengda Electric Billion Electric. A security vulnerability exists in various Billion Electric products, which stems from storing passwords in plaintext, allowing a remote attacker with administrator privileges to access the...

Billion Electric多款产品 安全漏洞

Billion Electric M100 and others are a wireless router from China-based Shengda Electric Billion Electric. A security vulnerability exists in various Billion Electric products that stems from the presence of operating system command injection, which allows a remote attacker with administrator...

Billion Electric多款产品 安全漏洞

Billion Electric M100 and others are a wireless router from China-based Shengda Electric Billion Electric. A security vulnerability exists in various Billion Electric products that stems from an authentication bypass that could allow an unauthenticated attacker to retrieve the content of arbitrar...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers Modicon M221, M100, and M200 relates to the disclosure of information, which allows unauthorized access to protected data by attackers.

The vulnerability of the microprogrammed software of Schneider Electric’s Modicon M221, M100, and M200 programmable logic controllers is related to the disclosure of information. Exploiting this vulnerability can allow an intruder operating remotely to gain unauthorized access to protected...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers Modicon M221, M100, and M200 stems from the lack of encryption measures for protected data. This allows attackers to obtain the encryption key.

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, is related to the lack of encryption measures for protected data. Exploiting this vulnerability can allow a remote attacker to obtain the encryption key...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers Modicon M221, M100, and M200 lies in the small number of possible random values. This allows attackers to circumvent existing security restrictions by using brute-force attacks.

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, is related to the small number of possible random values. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions by using brute-for...

PT-2020-6349

Name of the Vulnerable Software and Affected Versions Modicon M221 all references, all versions Modicon M100 affected versions not specified Modicon M200 affected versions not specified Description A vulnerability exists due to a small space of random values, which could allow an attacker to brea...

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration IP address, network mask and gateway IP address when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC...

CVE-2019-6820

CVE-2019-6820 describes a CWE-306 vulnerability (Missing Authentication for a Critical Function) that could allow modification of device IP configuration (IP address, netmask, gateway) when a specific Ethernet frame is received on multiple Schneider Electric Modicon/drive products. Affected produ...

CVE-2019-6820

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration IP address, network mask and gateway IP address when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC...

Access Control Error Vulnerability in Multiple Schneider Electric Products

Schneider Electric Modicon M100 is a programmable logic controller, Schneider Electric Modicon LMC078 is a motion controller, and Schneider Electric ATV IMC drive controller is a drive controller. Schneider Electric Modicon M100 is a programmable logic controller.Schneider Electric Modicon LMC078...

PT-2019-2282

Name of the Vulnerable Software and Affected Versions Modicon M100 versions all Modicon M200 versions all Modicon M221 versions all ATV IMC drive controller versions all Modicon M241 versions all Modicon M251 versions all Modicon M258 versions all Modicon LMC058 versions all Modicon LMC078 versio...