Schneider Electric Modicon Controllers 输入验证错误漏洞

Schneider Electric Modicon Controllers is a Modicon family of programmable logic controllers from Schneider Electric France. An input validation error vulnerability exists in Schneider Electric Modicon Controllers that stems from incorrect input validation. When unauthenticated specially crafted...

The vulnerability of the Modbus protocol implementation in Schneider Electric Modicon M340 CPU BMXP34 programmable logic controllers allows a perpetrator to carry out a “man-in-the-middle” attack.

The vulnerability of the Modbus protocol implementation in Schneider Electric Modicon M340 CPU BMXP34 programmable logic controllers is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker to carry out a “man-in-the-middle” attack remotely...

The vulnerability of the Modbus protocol implementation in Schneider Electric’s programmable logic controllers (PLCs), such as the Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU, allows a attacker to execute a “man-in-the-middle” attack.

The vulnerability of the Modbus protocol implementation in Schneider Electric’s programmable logic controllers PLCs such as Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU lies in the execution of operations outside the buffer in memory. Exploiting th...

The vulnerability of the implementations of CIP/Modbus programmable logic controllers of the Micro850/870 series allows a intruder to trigger a service failure.

The vulnerability of CIP/Modbus programmable logic controllers of the Micro850/870 series lies in the uncontrollable consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

Schneider Electric Modicon M340, MC80, and Momentum Unity M1E Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2024-8937)

Arbitrary code execution can potentially be achieved after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the authentication process. This plugin only works with Tenable.ot. Please visit...

CVE-2022-20685

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit th...

CVE-2022-20685

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit th...

CVE-2022-20685 Multiple Cisco Products Snort Modbus Denial of Service Vulnerability

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit th...

CVE-2022-20685 Multiple Cisco Products Snort Modbus Denial of Service Vulnerability

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit th...

CVE-2024-50956

A buffer overflow in the RecvSocketData function of Inovance HCPLCAM401-CPU1608TPTN 21.38.0.0, HCPLCAM402-CPU1608TPTN 41.38.0.0, and HCPLCAM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service DoS or execute arbitrary code via a crafted Modbus message...

CVE-2024-8938

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...

CVE-2024-8937

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...

CVE-2024-8936

CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...

CVE-2024-8936

CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...

CVE-2024-8936

CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory...

CVE-2024-8936

The CVE-2024-8936 issue affects Schneider Electric Modicon M340 family devices (including M340, MC80, Momentum Unity M1E) via an improper input validation in the Modbus handling. The root cause is insufficient input validation that enables a MITM scenario, after which a crafted Modbus function ca...

CVE-2024-8938

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...

CVE-2024-8938

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory...

CVE-2024-8938

CVE-2024-8938 affects Schneider Electric Modicon M340, MC80, and Momentum Unity M1E hardware. The root cause is a memory buffer handling flaw (CWE-119) that can enable arbitrary code execution after a Man-In-The-Middle attack, by crafting a Modbus function to tamper with memory areas involved in ...

CVE-2024-8937

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the...