CVE-2024-8937

CVE-2024-8937 affects Schneider Electric’s Modicon M340, MC80, and Momentum Unity M1E PLCs. The vulnerability is described as CWE-119: Improper restriction of operations within the bounds of a memory buffer, potentially enabling arbitrary code execution. The attack scenario reported involves a su...

CVE-2024-50956

A buffer overflow in the RecvSocketData function of Inovance HCPLCAM401-CPU1608TPTN 21.38.0.0, HCPLCAM402-CPU1608TPTN 41.38.0.0, and HCPLCAM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service DoS or execute arbitrary code via a crafted Modbus message...

Schneider Electric Modicon M340 缓冲区错误漏洞

The Schneider Electric Modicon M340 is a mid-range PLC Programmable Logic Controller for industrial processes and infrastructure from Schneider Electric France. The Schneider Electric Modicon M340 suffers from a buffer error vulnerability that originates from improperly restricted memory buffer...

Schneider Electric Modicon M340 缓冲区错误漏洞

The Schneider Electric Modicon M340 is a mid-range PLC Programmable Logic Controller for industrial processes and infrastructure from Schneider Electric France. The Schneider Electric Modicon M340 suffers from a buffer error vulnerability that originates from improperly constrained memory buffer...

PT-2024-34471 · Inovance · Inovance Hcplc Am402-Cpu1608Tptn +2

Name of the Vulnerable Software and Affected Versions: Inovance HCPLC AM401-CPU1608TPTN version 21.38.0.0 Inovance HCPLC AM402-CPU1608TPTN version 41.38.0.0 Inovance HCPLC AM403-CPU1608TN version 81.38.0.0 Description: A buffer overflow in the RecvSocketData function allows attackers to cause a...

CVE-2024-50956

A buffer overflow in the RecvSocketData function of Inovance HCPLCAM401-CPU1608TPTN 21.38.0.0, HCPLCAM402-CPU1608TPTN 41.38.0.0, and HCPLCAM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service DoS or execute arbitrary code via a crafted Modbus message...

Schneider Electric Modicon M340 输入验证错误漏洞

The Schneider Electric Modicon M340 is a mid-range PLC Programmable Logic Controller for industrial processes and infrastructure from Schneider Electric France. An input validation error vulnerability exists in the Schneider Electric Modicon M340, which stems from the presence of an improper inpu...

CVE-2024-50956

This CVE affects Inovance HCPLC AM401-CPU1608TPTN (v21.38.0.0), HCPLC_AM402-CPU1608TPTN (v41.38.0.0), and HCPLC_AM403-CPU1608TN (v81.38.0.0). A buffer overflow in the RecvSocketData function can be triggered by a crafted Modbus message, leading to Denial of Service or arbitrary code execution. Pu...

PT-2024-9212 · Schneider Electric · Modicon M340 Cpu Bmxp34

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 affected versions not specified Description: The issue is related to insufficient input validation in the Modbus protocol implementation of the Schneider Electric Modicon M340 CPU BMXP34 programmable...

PT-2024-8142 · Schneider Electric · Schneider Electric Modicon Mc80 Bmkc80 +2

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34 versions affected versions not specified Schneider Electric Modicon MC80 BMKC80 versions affected versions not specified Schneider Electric Modicon Momentum Unity M1E Processor 171CBU versions affect...

PT-2024-9213 · Schneider Electric · Modicon Mc80 Bmkc80 +2

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU affected versions not specified Description: A vulnerability exists that could cause a potential arbitrary code execution after a...

The vulnerability of Moxa EDS-P510 microcontroller software, related to the lack of protection for service data, allows a intruder to disclose the protected information.

The vulnerability of Moxa EDS-P510 microcontroller-based software lies in the lack of protection for service data. Exploiting this vulnerability allows an attacker to disclose protected information through Modbus MEI read requests...

The vulnerability of Moxa EDS-P510 microcontroller software-related microprogramming systems, related to access control errors, allows attackers to escalate their privileges.

The vulnerability of Moxa EDS-P510 microcontroller software-related systems is related to errors in access control for the Modbus/TCP interface. Exploiting this vulnerability allows an attacker to enhance their privileges and alter the device’s functions in SCADA and DCS environments...

The vulnerability of the Modbus TCP interface of the microprogramming software used in multifunctional measuring instruments for measuring electrical network parameters from Siemens SENTRON 7KM PAC3200 allows a perpetrator to circumvent existing security restrictions and gain unauthorized access to protected information.

The vulnerability of the Modbus TCP interface of Siemens SENTRON 7KM PAC3200 multifunctional measuring instruments for measuring electrical network parameters lies in improper authentication mechanisms. This includes insufficient security measures, such as a weak 4-digit PIN code, and the absence...

PT-2024-41476 · Moxa · Moxa Eds-P510

Уязвимость микропрограммного обеспечения коммутаторов Moxa EDS-P510 связана с ошибками разграничения доступа к катушке Modbus/TCP. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии и изменить функции устройства в средах SCADA и DCS...

PT-2024-41475 · Moxa · Moxa Eds-P510

Уязвимость микропрограммного обеспечения коммутаторов Moxa EDS-P510 связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию с помощью запросов на чтение Modbus MEI...

PT-2024-10219 · Schneider Electric · Powerlogic Hdpm6000

Name of the Vulnerable Software and Affected Versions: Schneider Electric PowerLogic HDPM6000 versions up to 0.62.7 Description: The issue is related to an Improper Restriction of Operations within the Bounds of a Memory Buffer, which could allow an unauthorized attacker to modify configuration...

Siemens SENTRON PAC Meter Authentication Error Vulnerability

The SENTRON PAC Meter is a power measurement device for precise energy management and transparent information acquisition. An authentication error vulnerability exists in the Siemens SENTRON PAC Meter, which can be exploited by an attacker to bypass authentication via brute force attack or by...

CVE-2024-41798

A vulnerability has been identified in SENTRON 7KM PAC3200 All versions. Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by...

CVE-2024-41798

A vulnerability has been identified in SENTRON 7KM PAC3200 All versions. Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by...