CVE-2018-7848

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus...

CVE-2018-7844

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus...

CVE-2018-7846

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller...

CISA Releases Thirteen Industrial Control Systems Advisories

CISA released thirteen Industrial Control Systems ICS advisories on May 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-140-01 ABUP IoT Cloud Platform ICSA-25-140-02 National Instruments Circuit Design Sui...

Schneider Electric多款产品 安全漏洞

Schneider Electric Modicon Controllers M241 and others are products of Schneider Electric, a French company.Schneider Electric Modicon Controllers M241 is a micro PLC. Schneider Electric Modicon Controllers M251 is a micro PLC.Schneider Electric Modicon Controllers M258 is a micro PLC.Schneider...

PT-2025-21143 · Schneider Electric · Modicon Controllers M241 +3

Name of the Vulnerable Software and Affected Versions: Modicon Controllers M241 / M251 versions prior to 5.3.12.48 Modicon Controllers M258 / LMC058 all versions Description: A vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates the...

Schneider Electric Modicon Controllers 输入验证错误漏洞

Schneider Electric Modicon Controllers is a Modicon family of programmable logic controllers from Schneider Electric France. An input validation error vulnerability exists in Schneider Electric Modicon Controllers that stems from incorrect input validation. When unauthenticated specially crafted...

PT-2024-9215 · Schneider Electric · Modicon Mc80 Bmkc80 +2

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU affected versions not specified Description: The issue is related to the lack of message integrity checks during transmission ove...

The vulnerability of microprogrammed software in Modicon Controllers allows a hacker to perform a cross-site scripting attack.

The vulnerability of Microprogrammed Software on Modicon Controllers is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform a cross-site scripting attack remotely...

Schneider Electric Modicon Controllers Improper Neutralization of Input During Web Page Generation (CVE-2024-6528)

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim's browser run arbitrary JavaScript when they visit a page containing the...

PT-2024-5156 · Schneider Electric · Modicon Controllers

Name of the Vulnerable Software and Affected Versions: Modicon Controllers affected versions not specified Description: A cross-site scripting condition exists due to improper neutralization of input during web page generation. This could allow an attacker to have a victim's browser run arbitrary...

Schneider Electric Modicon Exposure of Sensitive Information to an Unauthorized Actor (CVE-2019-6852)

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

The vulnerabilities of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—allow a hacker to trigger malfunctions during maintenance operations.

The vulnerability of microprogrammed logic controllers such as Modicon M580, Modicon M340, Modicon MC80, Modicon Momentum Ethernet, Modicon Quantum, Modicon Premium, and the programming software for these controllers—EcoStruxure Control Expert and EcoStruxure Process Expert—is related to reading...

The vulnerability of the Modbus TCP protocol implementation in Schneider Electric Modicon programmable logic controllers allows a intruder to trigger a service failure.

The vulnerability of the Modbus TCP protocol implementation in Schneider Electric Modicon programmable logic controllers is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to cause malfunctions in the service operation...

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers PLCs that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 CVSS score: 7.5 and CVE-2022-45789 CVSS score: 8.1, are...

CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert All Versions, EcoStruxure Process Expert All Versions...

CVE-2022-37301

A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...

CVE-2022-37301

A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...

PT-2022-4155 · Schneider Electric · Modicon Quantum/Premium +4

Name of the Vulnerable Software and Affected Versions: Modicon M340 CPU versions V3.40 and prior Modicon M580 CPU versions V3.22 and prior Legacy Modicon Quantum/Premium All Versions Modicon Momentum MDI 171CBU All Versions Modicon MC80 BMKC80 versions V1.7 and prior Description: A CWE-191: Integ...

Schneider Electric EcoStruxure Control Experta 缓冲区错误漏洞

Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A security vulnerability exists in Schneider Electric EcoStruxure Control Expert V15.0 SP1 and earlier versions tha...