Lucene search
+L

48 matches found

NVD
NVD
added 2019/10/29 7:15 p.m.20 views

CVE-2019-6842

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the packag...

4.9CVSS5.1AI score0.00959EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/29 2:48 p.m.21 views

CVE-2019-6844

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid we...

5.1AI score0.00959EPSS
Exploits0References1
CVE
CVE
added 2019/10/29 2:48 p.m.84 views

CVE-2019-6843

CVE-2019-6843 affects Schneider Electric Modicon controllers: M580 (firmware before v3.10), M340 (all firmware versions), and BMxCRA/140CRA (all firmware). The root cause is an improper handling during FTP-based firmware upgrades, where an empty firmware image can trigger a recoverable fault, cau...

4.9CVSS4.9AI score0.00959EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/06/18 12:0 a.m.6 views

The vulnerability of the microprogrammed programmable logic controller Modicon, related to the disclosure of information, allows a intruder to gain access to confidential data.

The vulnerability of the microprogrammed programmable logic controller Modicon relates to the disclosure of information. Exploiting this vulnerability can allow an intruder, operating remotely, to gain access to confidential SNMP protocol information when reading variables in the controller using...

7.5CVSS5.5AI score0.02298EPSS
Exploits1References3
CVE
CVE
added 2019/05/22 8:1 p.m.73 views

CVE-2018-7852

CVE-2018-7852 affects Schneider Electric Modicon M580 family (M580, M340, Quantum, Premium). The issue is CWE-248 Uncaught Exception leading to denial of service when an invalid private command parameter is sent to the controller over Modbus/UMAS. Talos advisories describe multiple DoS scenarios ...

7.5CVSS7.4AI score0.03614EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/03/21 7:29 p.m.28 views

CVE-2015-6461

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will resul...

5.5CVSS5.5AI score0.00871EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/03/21 6:44 p.m.27 views

CVE-2015-6462

Reflected Cross-Site Scripting nonpersistent allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H,...

5.3AI score0.0056EPSS
Exploits0References1
CVE
CVE
added 2019/03/21 6:17 p.m.69 views

CVE-2015-6461

CVE-2015-6461 affects Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H PLC web servers. The vulnerability is a Remote File Inclusion that allows an attacker to craft a URL causi...

5.5CVSS5.4AI score0.00871EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/21 6:17 p.m.29 views

CVE-2015-6461

Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will resul...

5.5AI score0.00871EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/01/18 12:0 a.m.9 views

The vulnerability of the microprogramming software used in Schneider Electric Modicon programmable logic controllers stems from incorrect processing of data in the incoming HTTP headers. This allows attackers to cause malfunctions in the device’s operation.

The vulnerability of the microprogrammed logic controllers from Schneider Electric Modicon stems from the improper elimination of CR and LF characters before data is entered into the incoming HTTP headers. Exploiting this vulnerability can allow an attacker to cause a device failure...

5.3CVSS7.2AI score0.02423EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/04/18 8:0 p.m.24 views

CVE-2018-7759

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified instead of the buffer size as the number of bytes to be copied...

7.7AI score0.01315EPSS
Exploits0References1
OSV
OSV
added 2017/06/30 3:29 a.m.3 views

CVE-2017-6030

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected...

6.5CVSS5.8AI score0.02124EPSS
Exploits0References2
CNVD
CNVD
added 2015/09/07 12:0 a.m.8 views

Schneider Electric Modicon PLC File Containment Vulnerability

Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. Modicon PLCs are implemented with a file inclusion vulnerability that can be exploited by an attacker to construct a specific URL that can be used to load Java script through...

5.5CVSS6.9AI score0.00871EPSS
Exploits0References1
ICS
ICS
added 2015/06/06 6:0 a.m.39 views

Schneider Electric Modicon PLC Vulnerabilities

OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-15-224-02 Schneider Electric Modicon M340 PLC Station P34 Module VulnerabilitiesICS-CERT ALERT, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-02, web site last accessed September 3, 2015. that was published August 12, 2015...

6.2AI score
Exploits0References10
NVD
NVD
added 2014/10/03 6:55 p.m.25 views

CVE-2014-0754

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...

10CVSS6.7AI score0.08978EPSS
Exploits0References5
Prion
Prion
added 2014/10/03 6:55 p.m.20 views

Directory traversal

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...

10CVSS7.2AI score0.08978EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/10/03 6:0 p.m.33 views

CVE-2014-0754 Schneider Electric

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...

10CVSS6.7AI score0.08978EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2014/10/03 12:0 a.m.9 views

PT-2014-3817 · Schneider Electric · Modicon Plc Ethernet Modules +1

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec versions prior to 5.5 Schneider Electric Modicon PLC Ethernet modules 140NOC78x Exec versions prior to 1.62 Schneider Electric Modicon PLC Ethernet modules 140NOE77x Exec versions...

10CVSS7.3AI score0.08978EPSS
Exploits0References8
Metasploit
Metasploit
added 2012/04/05 5:35 p.m.47 views

Schneider Modicon Remote START/STOP Command

The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a to perform administrative commands without authentication. This module allows a remote user to change the state of the PLC between STOP and RUN, allowing an attacker to end process control by the PLC. This module is...

0.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/12/11 12:0 a.m.23 views

Modicon PLC CPU Type SNMP Request Model Type Remote Disclosure

Binary data scadamodiconsnmpcputype.nbin...

7.3AI score
Exploits0
Rows per page
Query Builder