1659 matches found
CVE-2022-37301
A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...
CVE-2022-37301
A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...
Integer overflow
A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...
CVE-2022-37301
A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...
CVE-2022-37301
A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...
CVE-2022-37301
CVE-2022-37301 is an integer underflow (wraparound) vulnerability in Schneider Electric Modicon Modbus TCP handling that can cause DoS via memory access violations. Affected: Modicon M340 CPU BMXP34* (V3.40 and prior); M580 CPU BMEP*/BMEH* (V3.22 and prior); Legacy Modicon Quantum/Premium (all ve...
GLSA-202210-04 : Wireshark: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-04 Wireshark: Multiple Vulnerabilities - Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file CVE-2021-22235 - NULL pointer exception i...
The secrets of Schneider Electric’s UMAS protocol
UMAS Unified Messaging Application Services is a proprietary Schneider Electric SE protocol used to configure and monitor Schneider Electric PLCs. Schneider Electric controllers that use UMAS include Modicon M580 CPU part numbers BMEP and BMEH and Modicon M340 CPU part numbers BMXP34. Controllers...
Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2022-37300)
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
CVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
CVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
CVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
Design/Logic Flaw
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
CVE-2022-37300
CVE-2022-37300 is a CWE-640 weakness (Weak Password Recovery Mechanism) that could allow unauthorized read/write access to Schneider Electric controllers over Modbus. Affected products and versions include EcoStruxure Control Expert (Unity Pro lineage) up to V15.0 SP1, EcoStruxure Process Expert ...
CVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions former name of...
Hitachi Energy RTU500 series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause an internal buffer overflow, which can...
DEBIAN-CVE-2022-0367
A heap-based buffer overflow flaw was found in libmodbus in function modbusreply in src/modbus.c...
CVE-2022-0367
A heap-based buffer overflow flaw was found in libmodbus in function modbusreply in src/modbus.c...
libmodbus 缓冲区错误漏洞
libmodbus is a library written in C that can send/receive data according to the Modbus protocol. A security vulnerability exists in libmodbus, which stems from a heap-based buffer overflow flaw found in the function modbusreply in src/modbus.c. The vulnerability is caused by a heap-based buffer...
Hitachi Energy RTU500 series CMU firmware buffer overflow vulnerability
RTU500 is a series of industrial control components from Hitachi, Japan, mainly used in industrial control systems. A buffer overflow vulnerability exists in the Hitachi Energy RTU500 series CMU firmware HCI Modbus TCP function. The vulnerability, which originates when HCI Modbus TCP is enabled a...