Schneider Electric Modicon Controllers and Software Authentication Bypass By Spoofing (CVE-2021-22779)

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

Schneider Electric Modicon Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2019-6819)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...

Schneider Electric Modicon Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2018-7794)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium see security notification for specific versions which could cause a Denial of Service when reading data with invalid index using Modbus TCP. This...

Schneider Electric Modicon Controllers Use of Insufficiently Random Values (CVE-2019-6821)

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. This plugin only works...

Schneider Electric Modicon Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2019-6857)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium see security notification for specific versions which could cause a Denial of Service of the controller when reading specific memory blocks using...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium lies in insufficient testing for unusual or exceptional states. This allows a intruder to trigger malfunctions during maintenance.

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium lies in insufficient testing for unusual or exceptional states. Exploiting this vulnerability can allow an attacker operati...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the absence of authentication for a critical function, allowing attackers to execute arbitrary commands.

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the absence of authentication for critical functions. Exploiting this vulnerability allows an attacker operating remotely to...

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, stems from insufficiently secure data encryption. This allows attackers to obtain the encryption key.

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor to obtain the encryption key remotely...

The vulnerability of microprogrammed software for Modicon M218, M218, M241, M251, and M258 logic controllers lies in insufficient data authenticity checking, allowing attackers to execute arbitrary codes.

The vulnerability of microprogrammed software in Modicon M218, M218, M241, M251, and M258 logic controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary codes...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium arises from incorrect restrictions on path names in the restricted access catalog. This allows unauthorized access by intruders to protected information.

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium stems from incorrect restrictions on the path name in the restricted access catalog. Exploiting this vulnerability could allow an attacke...

CVE-2020-7542

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium see security notifications for affected versions, that could cause denial of service when a specially crafted Read Physical Memo...

CVE-2020-7537

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium see security notifications for affected versions, that could cause denial of service when a specially crafted Read Physical Memo...

CVE-2020-7541

A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...

CVE-2020-7543

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium see security notifications for affected versions, that could cause denial of service when a specially crafted Read Physical Memo...

PT-2020-6348

Name of the Vulnerable Software and Affected Versions Modicon M221 all versions Modicon M100 affected versions not specified Modicon M200 affected versions not specified Description A CWE-326: Inadequate Encryption Strength issue exists that could allow an attacker to break the encryption key whe...

The vulnerability of Microprogrammed Software in Modicon Controllers arises from the existence of rigidly encrypted user data, which allows a intruder to execute any command against the Modicon Controllers.

The vulnerability of Microprogrammed Software in Modicon Controllers stems from the existence of rigidly encoded configuration data used to transmit configuration files to Modicon Controllers. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on Modicon...

CVE-2019-6859

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...

CVE-2020-7488

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers...

CVE-2020-7488

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers...

CVE-2020-7487

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers...