1659 matches found
Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22786)
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU part numbers BMXP34 Versions prior to V3.30, Modicon M580 CPU par...
Moxa SDS-3008 Series Industrial Ethernet Switch web application information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1621 Moxa SDS-3008 Series Industrial Ethernet Switch web application information disclosure vulnerability February 2, 2023 CVE Number CVE-2022-40691 SUMMARY An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008...
CVE-2021-22786
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU part numbers BMXP34 Versions prior to V3.30, Modicon M580 CPU par...
CVE-2021-22786
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU part numbers BMXP34 Versions prior to V3.30, Modicon M580 CPU par...
Information disclosure
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU part numbers BMXP34 Versions prior to V3.30, Modicon M580 CPU par...
CVE-2021-22786
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU part numbers BMXP34 Versions prior to V3.30, Modicon M580 CPU par...
多款Schneider Electric产品 信息泄露漏洞
The Schneider Electric Modicon M580 and Schneider Electric Modicon M340 are both products of the French company Schneider Electric.The Schneider Electric Modicon M580 is a programmable automation The Schneider Electric Modicon M340 is a medium-range PLC programmable logic controller for industria...
CVE-2021-22786
Schneider Electric CVE-2021-22786 is an information-exposure vulnerability in Modicon controllers over Modbus TCP. Affected products/versions: Modicon M340 CPU (BMXP34*) prior to V3.30, M580 CPU (BMEP*/BMEH*) prior to SV3.20, MC80 (BMKC80) prior to V1.6, M580 Safety (BMEP58*/BMEH58*) all versions...
CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...
CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...
CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...
Authentication flaw
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...
CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...
CVE-2022-45789
CVE-2022-45789 is a concrete vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340/M580 CPUs (and variants) where an authenticated Modbus session can be hijacked to bypass authentication and execute unauthorized Modbus functions. Root cause: CWE-...
CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...
Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80 Vulnerability: Authentication Bypass by...
CVE-2022-2967
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data...
CVE-2022-2967
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data...
Design/Logic Flaw
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data...
CVE-2022-2967
Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data...