1669 matches found
CVE-2018-7845
CVE-2018-7845 affects Schneider Electric Modicon M580, M340, Quantum, and Premium PLCs. The vulnerability is CWE-125: Out-of-bounds Read, allowing disclosure of unexpected data when reading specific memory blocks over Modbus. Impact is data disclosure; no exploitation details are provided in the ...
CVE-2018-7847
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus...
CVE-2018-7847
CVE-2018-7847 affects Schneider Electric Modicon M580/M340/Quantum/Premium PLCs via Modbus; Talos confirms an unauthenticated UMAS file-write vulnerability in Modicon M580 firmware SV2.70 that can overwrite the device strategy/configuration, potentially enabling code execution and wide impact. Th...
CVE-2018-7842
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller...
CVE-2018-7848
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus...
CVE-2018-7848
CVE-2018-7848 is an information-disclosure flaw in Schneider Electric Modicon controllers (M580, M340, Quantum, Premium) exploitable via the UMAS strategy read path. A specially crafted UMAS read of the programmed strategy (function code 0x34) can reveal plaintext SNMP community strings and other...
CVE-2018-7843
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus...
CVE-2018-7843
CVE-2018-7843 concerns Schneider Electric Modicon PLCs (M580, M340, Quantum, Premium) with a flaw in the UMAS memory block read path over Modbus. The public Talos analysis describes an out-of-bounds memory read in the MEMORY_BLOCK_READ function that can trigger a non-recoverable fault, potentiall...
CVE-2018-7849
The CVE-2018-7849 vulnerability affects Schneider Electric Modicon M580, M340, Quantum and Premium PLCs. A CWE-248 Uncaught Exception could trigger a Denial of Service due to improper data integrity checks when sending files via Modbus. Affected firmware observed in Modicon M580 SV2.70 (e.g., BME...
CVE-2018-7849
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus...
CVE-2018-7846
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller...
CVE-2018-7846
CVE-2018-7846 affects Schneider Electric Modicon M580, M340, Quantum and Premium PLCs. The issue is a CWE-501 Trust Boundary Violation in the UMAS/Reservation mechanism: an unauthenticated brute-force attempt to the Modbus-based reservation session (one-byte session token) can allow unauthorized ...
CVE-2018-7851
CVE-2018-7851 involves buffer errors (CWE-119) in Schneider Electric Modicon PLCs. Affected products and firmware histories include: Modicon M580 with firmware prior to v2.50, Modicon M340 prior to v3.01, BMxCRA312xx prior to v2.40, and all firmware versions of Modicon Premium and 140CRA312xxx. T...
CVE-2019-6816
The CVE-2019-6816 entry concerns Schneider Electric Modicon Quantum controllers. A CWE-94 Code Injection flaw exists in all firmware versions, enabling unauthorized firmware modification and potential Denial of Service when operating over Modbus. The publicly documented impact is partial integrit...
CVE-2019-6816
In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol...
CVE-2019-6819
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...
CVE-2019-6819
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...
CVE-2018-7824
The CVE-2018-7824 entry concerns Schneider Electric Modbus Serial Driver. Affected components are the Modbus Serial Driver for 64‑bit Windows (V3.17 IE37 and prior) and 32‑bit Windows (V2.17 IE27 and prior), including the Driver Suite (V14.12 and prior). The vulnerability is an External Control o...
CVE-2018-7824
An Externally Controlled Reference to a Resource CWE-610 vulnerability exists in Schneider Electric Modbus Serial Driver For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior which could allow write acce...
Modicon M580/M340/Premium/Quantum Improper Exception Checking Vulnerability
Modicon M340 is a programmable controller PLC for complex devices and small to medium-sized projects.Modicon Premium is a programmable controller PLC for complex control.Modicon Quantum is a programmable controller PLC for process control.Modicon M580 is a programmable automation controller PAC...