Lucene search
K

1669 matches found

CVE
CVE
added 2019/05/22 8:0 p.m.103 views

CVE-2018-7845

CVE-2018-7845 affects Schneider Electric Modicon M580, M340, Quantum, and Premium PLCs. The vulnerability is CWE-125: Out-of-bounds Read, allowing disclosure of unexpected data when reading specific memory blocks over Modbus. Impact is data disclosure; no exploitation details are provided in the ...

7.5CVSS7.3AI score0.03413EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/05/22 8:0 p.m.24 views

CVE-2018-7847

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus...

9.6AI score0.03808EPSS
Exploits1References3
CVE
CVE
added 2019/05/22 8:0 p.m.69 views

CVE-2018-7847

CVE-2018-7847 affects Schneider Electric Modicon M580/M340/Quantum/Premium PLCs via Modbus; Talos confirms an unauthenticated UMAS file-write vulnerability in Modicon M580 firmware SV2.70 that can overwrite the device strategy/configuration, potentially enabling code execution and wide impact. Th...

9.8CVSS9.4AI score0.03808EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/05/22 7:59 p.m.36 views

CVE-2018-7842

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller...

9.5AI score0.35039EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/05/22 7:59 p.m.23 views

CVE-2018-7848

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus...

7.3AI score0.03413EPSS
Exploits1References2
CVE
CVE
added 2019/05/22 7:59 p.m.78 views

CVE-2018-7848

CVE-2018-7848 is an information-disclosure flaw in Schneider Electric Modicon controllers (M580, M340, Quantum, Premium) exploitable via the UMAS strategy read path. A specially crafted UMAS read of the programmed strategy (function code 0x34) can reveal plaintext SNMP community strings and other...

7.5CVSS7.2AI score0.03413EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/05/22 7:58 p.m.17 views

CVE-2018-7843

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus...

7.4AI score0.03289EPSS
Exploits1References2
CVE
CVE
added 2019/05/22 7:58 p.m.71 views

CVE-2018-7843

CVE-2018-7843 concerns Schneider Electric Modicon PLCs (M580, M340, Quantum, Premium) with a flaw in the UMAS memory block read path over Modbus. The public Talos analysis describes an out-of-bounds memory read in the MEMORY_BLOCK_READ function that can trigger a non-recoverable fault, potentiall...

7.5CVSS7.3AI score0.03289EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/05/22 7:58 p.m.72 views

CVE-2018-7849

The CVE-2018-7849 vulnerability affects Schneider Electric Modicon M580, M340, Quantum and Premium PLCs. A CWE-248 Uncaught Exception could trigger a Denial of Service due to improper data integrity checks when sending files via Modbus. Affected firmware observed in Modicon M580 SV2.70 (e.g., BME...

7.5CVSS7.3AI score0.03289EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/05/22 7:58 p.m.21 views

CVE-2018-7849

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus...

7.4AI score0.03289EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/05/22 7:57 p.m.23 views

CVE-2018-7846

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller...

9.3AI score0.29575EPSS
Exploits1References2
CVE
CVE
added 2019/05/22 7:57 p.m.93 views

CVE-2018-7846

CVE-2018-7846 affects Schneider Electric Modicon M580, M340, Quantum and Premium PLCs. The issue is a CWE-501 Trust Boundary Violation in the UMAS/Reservation mechanism: an unauthenticated brute-force attempt to the Modbus-based reservation session (one-byte session token) can allow unauthorized ...

9.8CVSS9.2AI score0.29575EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/05/22 7:56 p.m.76 views

CVE-2018-7851

CVE-2018-7851 involves buffer errors (CWE-119) in Schneider Electric Modicon PLCs. Affected products and firmware histories include: Modicon M580 with firmware prior to v2.50, Modicon M340 prior to v3.01, BMxCRA312xx prior to v2.40, and all firmware versions of Modicon Premium and 140CRA312xxx. T...

6.8CVSS6.3AI score0.01189EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/05/22 7:54 p.m.56 views

CVE-2019-6816

The CVE-2019-6816 entry concerns Schneider Electric Modicon Quantum controllers. A CWE-94 Code Injection flaw exists in all firmware versions, enabling unauthorized firmware modification and potential Denial of Service when operating over Modbus. The publicly documented impact is partial integrit...

9.1CVSS9.2AI score0.0145EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/05/22 7:54 p.m.25 views

CVE-2019-6816

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol...

9.4AI score0.0145EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2019/05/22 7:45 p.m.5 views

CVE-2019-6819

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...

7.1AI score0.01129EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/05/22 7:45 p.m.19 views

CVE-2019-6819

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...

7.5AI score0.01129EPSS
Exploits0References2
CVE
CVE
added 2019/05/22 7:27 p.m.53 views

CVE-2018-7824

The CVE-2018-7824 entry concerns Schneider Electric Modbus Serial Driver. Affected components are the Modbus Serial Driver for 64‑bit Windows (V3.17 IE37 and prior) and 32‑bit Windows (V2.17 IE27 and prior), including the Driver Suite (V14.12 and prior). The vulnerability is an External Control o...

6.8CVSS5.2AI score0.00892EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/05/22 7:27 p.m.15 views

CVE-2018-7824

An Externally Controlled Reference to a Resource CWE-610 vulnerability exists in Schneider Electric Modbus Serial Driver For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior which could allow write acce...

5.2AI score0.00892EPSS
Exploits0References1
CNVD
CNVD
added 2019/05/22 12:0 a.m.2 views

Modicon M580/M340/Premium/Quantum Improper Exception Checking Vulnerability

Modicon M340 is a programmable controller PLC for complex devices and small to medium-sized projects.Modicon Premium is a programmable controller PLC for complex control.Modicon Quantum is a programmable controller PLC for process control.Modicon M580 is a programmable automation controller PAC...

7.5CVSS6.7AI score0.01129EPSS
Exploits0References1
Rows per page
Query Builder