204 matches found
CVE-2018-7846
CVE-2018-7846 affects Schneider Electric Modicon M580, M340, Quantum and Premium PLCs. The issue is a CWE-501 Trust Boundary Violation in the UMAS/Reservation mechanism: an unauthenticated brute-force attempt to the Modbus-based reservation session (one-byte session token) can allow unauthorized ...
CVE-2019-6816
In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol...
CVE-2019-6816
The CVE-2019-6816 entry concerns Schneider Electric Modicon Quantum controllers. A CWE-94 Code Injection flaw exists in all firmware versions, enabling unauthorized firmware modification and potential Denial of Service when operating over Modbus. The publicly documented impact is partial integrit...
PT-2019-11106
Name of the Vulnerable Software and Affected Versions: Modicon M580 affected versions not specified Modicon M340 affected versions not specified Modicon Quantum affected versions not specified Modicon Premium affected versions not specified Description: A denial of service issue exists due to an...
PT-2019-2342 · Schneider Electric · Modicon M580 +4
Name of the Vulnerable Software and Affected Versions: Modicon M580 versions prior to V2.50 Modicon M340 versions prior to V3.01 BMxCRA312xx versions prior to V2.40 Modicon Premium all firmware versions 140CRA312xxx all firmware versions Description: The issue is related to buffer errors in the...
Schneider Electric Modicon Modbus Protocol Violation of Secure Design Principles
Binary data 720117.prm...
Schneider Electric Modicon Modbus Protocol Authentication Bypass
Binary data 720119.prm...
Arbitrary Memory Read Vulnerability in Hologic LE5109L PLCs
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. An arbitrary memory read vulnerability exists in the HELISE LE5109L PLC, which can be exploited to cause the value of any register in the PLC to be read arbitrarily by constructing a specif...
Arbitrary Memory Tampering Vulnerability in Hologic LE5109L PLCs
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A memory arbitrary tampering vulnerability exists in the HELISE LE5109L PLC, which can be exploited by an attacker to remotely tamper with PLC register values by constructing specific modbu...
Remote Controller Removal Vulnerability in HOLLYWOOD LE5109L PLCs
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. A remote controller removal vulnerability exists in the Hologic LE5109L PLC, where an attacker can construct specific modbus packets to remotely remove all program and configuration...
Information Disclosure Vulnerability in Hologic LE5109L PLCs
HELISE Group is a professional automation company integrating R&D, production, sales and technical service. With integrated Ethernet, PROFIBUS-DP, RS232 and RS485 interfaces, HELISE's PLCs have been widely used in electric power, chemical industry, metallurgy, energy and other fields. An...
Denial of Service Vulnerability in the Hologic LE5109L PLC
HELISE Group is a professional automation company integrating R&D, production, sales and technical service. With integrated Ethernet, PROFIBUS-DP, RS232 and RS485 interfaces, HELISE's PLCs have been widely used in electric power, chemical industry, metallurgy, energy and other fields. A denial of...
Belden Hirschmann Tofino Xenon Security Appliance Protocol Filter Evasion Vulnerability
The Tofino Xenon security appliance is the ideal solution for segmenting control networks into secure zones. A protocol filter evasion vulnerability exists in the Tofino Xenon security appliance prior to version 03.2.00. The vulnerability arises because the ModBus DPI filter improperly handles th...
CVE-2017-11401
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering...
CVE-2017-6032
A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks...
CVE-2017-6032
A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks...
CVE-2017-6034 Schneider Electric Modicon Modbus Protocol Authentication Bypass by Capture-replay
An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download...
CVE-2017-6032
CVE-2017-6032 concerns Schneider Electric Modicon Modbus Protocol: a session-related weakness in Modbus that may allow brute-force-style access. Affected component: Modbus protocol in Schneider Electric Modicon PLCs; impact described as potential exposure of control commands with low to moderate ...
VulnCheck KEV: CVE-2015-5374
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant...
Schneider Electric Devices Detection (Modbus)
Modbus protocol-based detection of Schneider Electric devices. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...