CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

129 matches found

CNVD•added 2025/06/23 12:0 a.m.•2 views

Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. A cross-site scripting vulnerability exists in Schneider Electric Modicon Controllers that originates from improper input neutralization during web page generation...

5.4CVSS6.5AI score0.00069EPSS

Exploits0References1

Positive Technologies•added 2025/06/10 12:0 a.m.•2 views

PT-2025-24635 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Cross-site Scripting issue exists due to improper neutralization of input during web page generation. This could allow an authenticated malicious user to inject unvalidated data, potential...

5.4CVSS5.7AI score0.00123EPSS

Exploits0References4

Positive Technologies•added 2025/06/10 12:0 a.m.•3 views

PT-2025-24628 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Denial of Service issue exists due to improper input validation. This occurs when an authenticated malicious user sends an HTTPS request containing an invalid data type to the web server...

7.1CVSS5.9AI score0.00271EPSS

Exploits0References4

CNNVD•added 2025/06/10 12:0 a.m.•2 views

Schneider Electric Modicon Controllers 输入验证错误漏洞

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. An input validation error vulnerability exists in Schneider Electric Modicon Controllers that stems from improper input validation and can be exploited by an...

7.1CVSS6.7AI score0.00271EPSS

Exploits0References1

CNNVD•added 2025/06/10 12:0 a.m.•1 views

Schneider Electric Modicon Controllers 跨站脚本漏洞

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Modicon Controllers that originates from improper input neutralization during web page generation...

5.4CVSS6.2AI score0.00123EPSS

Exploits0References1

Positive Technologies•added 2025/06/10 12:0 a.m.•3 views

PT-2025-24626 · Schneider Electric · Modicon Controllers M241/M251

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An Uncontrolled Resource Consumption issue exists, potentially causing Denial of Service. This occurs when an authenticated malicious user sends a manipulated HTTPS Content-Length header to...

7.1CVSS5.9AI score0.00271EPSS

Exploits0References4

CNNVD•added 2025/06/10 12:0 a.m.•1 views

Schneider Electric Modicon Controllers 跨站脚本漏洞

5.4CVSS6.1AI score0.00069EPSS

Exploits0References2

CNNVD•added 2025/06/10 12:0 a.m.•1 views

Schneider Electric Modicon Controllers 输入验证错误漏洞

7.1CVSS6.7AI score0.00271EPSS

Exploits0References2

Positive Technologies•added 2025/06/10 12:0 a.m.•2 views

PT-2025-24627 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Denial of Service issue exists due to improper input validation. This occurs when an authenticated malicious user sends a special malformed HTTPS request containing improperly formatted bo...

7.1CVSS5.9AI score0.00271EPSS

Exploits0References4

Positive Technologies•added 2025/06/10 12:0 a.m.•2 views

PT-2025-24630 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Cross-site Scripting issue exists, impacting system variables. This could allow an authenticated malicious user to inject unvalidated data, potentially modifying or reading data in a...

5.4CVSS5.7AI score0.00123EPSS

Exploits0References5

Tenable Nessus•added 2025/06/05 12:0 a.m.•20 views

Schneider Electric Modicon Controllers Externally Controlled Reference to a Resource in Another Sphere (CVE-2025-2875)

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller's webserver URL to access resources. This plugin only works with Tenable.ot. Please visit...

8.7CVSS5.5AI score0.00522EPSS

Exploits0References4

RedhatCVE•added 2025/05/22 4:49 p.m.•14 views

CVE-2020-7543

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium see security notifications for affected versions, that could cause denial of service when a specially crafted Read Physical Memo...

7.5CVSS6.9AI score0.00389EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:48 p.m.•4 views

CVE-2020-7488

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers...

7.5CVSS6.4AI score0.00187EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:8 p.m.•6 views

CVE-2020-7540

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...

9.8CVSS7.4AI score0.00309EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:18 a.m.•8 views

CVE-2019-6852

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

7.5CVSS7AI score0.00348EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:17 a.m.•5 views

CVE-2019-6859

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...

7.5CVSS6.9AI score0.00344EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:48 a.m.•11 views

CVE-2019-6845

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum all firmware versions, which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol...

7.5CVSS6.5AI score0.00205EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:48 a.m.•17 views

CVE-2019-6851

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum all firmware versions, which could cause the disclosure of information from the controller when using TFTP protocol...

7.5CVSS6.6AI score0.02468EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:47 a.m.•4 views

CVE-2019-6808

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus...

9.8CVSS7.7AI score0.04306EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:0 a.m.•3 views

CVE-2018-7857

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus...

7.5CVSS6.7AI score0.00566EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by