Schneider Electric Modicon M580/M340/BMxCRA/140CRA Denial of Service Vulnerability (CNVD-2019-41493)

The Modicon M580/M340/BMxCRA/140CRA are programmable logic controllers from Schneider Electric. A denial of service vulnerability exists in the Schneider Electric Modicon M580/M340/BMxCRA/140CRA. An attacker can exploit this vulnerability to cause a denial of service by upgrading the controller v...

CVE-2019-6828

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 firmware version prior to V2.90, Modicon M340 firmware version prior to V3.10, Modicon Premium all versions, and Modicon Quantum all versions, which could cause a possible denial of service when reading specific coils and registers i...

Schneider Electric Modicon Controllers Denial of Service (ICSA-19-183-01)

Binary data 720298.prm...

Schneider Electric Modicon Controllers (ICSA-19-136-01)

Binary data 720272.prm...

Schneider Electric Modicon Controllers

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could result...

The vulnerability of the microprogrammed programmable logic controller Modicon, related to the violation of trust boundaries, allows a intruder to gain unauthorized access by performing a “forceful” attack against the Modbus protocol.

The vulnerability of the microprogrammed logic controllers from Modicon relates to the violation of trust boundaries during connection. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access by performing a “forceful” attack using the Modbus protocol...

The vulnerability of the microprogrammed logic controllers from Modicon, related to access control errors, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the programmable logic controller Modicon’s microprogramming software is related to access control errors. Exploiting this vulnerability could allow an intruder to cause service failures or execute arbitrary code by modifying the controller’s configuration using the Modbus...

Multiple Schneider Electric Products Input Validation Error Vulnerability (CNVD-2019-34827)

The Schneider Electric Modicon M580 is a programmable automation controller.The Schneider Electric Modicon Premium is a large programmable logic controller PLC for discrete or process applications.The Schneider Electric Modicon Quantum is a large programmable logic controller PLC for process...

CVE-2018-7855

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus...

CVE-2018-7856

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus...

CVE-2019-6806

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus...

CVE-2018-7853

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus...

CVE-2019-6807

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus...

CVE-2019-6819

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...

CVE-2018-7848

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus...

Spoofing

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller...

CVE-2018-7846

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller...

Schneider Electric Modicon Multiple Controllers Hardcoded Credentials

Binary data 720149.prm...

Schneider Electric Modicon Multiple Controllers SOAP Requests Triggered Buffer Overflow

Binary data 720242.prm...

PT-2019-7202 · Schneider Electric · Modicon Bmxnoe0110 +6

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon BMXNOC0401 Schneider Electric Modicon BMXNOE0100 Schneider Electric Modicon BMXNOE0110 Schneider Electric Modicon BMXNOE0110H Schneider Electric Modicon BMXNOR0200H Schneider Electric Modicon BMXP342020 Schneider...