48 matches found
CVE-2019-6842
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the packag...
CVE-2019-6844
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid we...
CVE-2019-6843
CVE-2019-6843 affects Schneider Electric Modicon controllers: M580 (firmware before v3.10), M340 (all firmware versions), and BMxCRA/140CRA (all firmware). The root cause is an improper handling during FTP-based firmware upgrades, where an empty firmware image can trigger a recoverable fault, cau...
The vulnerability of the microprogrammed programmable logic controller Modicon, related to the disclosure of information, allows a intruder to gain access to confidential data.
The vulnerability of the microprogrammed programmable logic controller Modicon relates to the disclosure of information. Exploiting this vulnerability can allow an intruder, operating remotely, to gain access to confidential SNMP protocol information when reading variables in the controller using...
CVE-2018-7852
CVE-2018-7852 affects Schneider Electric Modicon M580 family (M580, M340, Quantum, Premium). The issue is CWE-248 Uncaught Exception leading to denial of service when an invalid private command parameter is sent to the controller over Modbus/UMAS. Talos advisories describe multiple DoS scenarios ...
CVE-2015-6461
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will resul...
CVE-2015-6462
Reflected Cross-Site Scripting nonpersistent allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H,...
CVE-2015-6461
CVE-2015-6461 affects Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H PLC web servers. The vulnerability is a Remote File Inclusion that allows an attacker to craft a URL causi...
CVE-2015-6461
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will resul...
The vulnerability of the microprogramming software used in Schneider Electric Modicon programmable logic controllers stems from incorrect processing of data in the incoming HTTP headers. This allows attackers to cause malfunctions in the device’s operation.
The vulnerability of the microprogrammed logic controllers from Schneider Electric Modicon stems from the improper elimination of CR and LF characters before data is entered into the incoming HTTP headers. Exploiting this vulnerability can allow an attacker to cause a device failure...
CVE-2018-7759
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified instead of the buffer size as the number of bytes to be copied...
CVE-2017-6030
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected...
Schneider Electric Modicon PLC File Containment Vulnerability
Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. Modicon PLCs are implemented with a file inclusion vulnerability that can be exploited by an attacker to construct a specific URL that can be used to load Java script through...
Schneider Electric Modicon PLC Vulnerabilities
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-15-224-02 Schneider Electric Modicon M340 PLC Station P34 Module VulnerabilitiesICS-CERT ALERT, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-224-02, web site last accessed September 3, 2015. that was published August 12, 2015...
CVE-2014-0754
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...
Directory traversal
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...
CVE-2014-0754 Schneider Electric
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103...
PT-2014-3817 · Schneider Electric · Modicon Plc Ethernet Modules +1
Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec versions prior to 5.5 Schneider Electric Modicon PLC Ethernet modules 140NOC78x Exec versions prior to 1.62 Schneider Electric Modicon PLC Ethernet modules 140NOE77x Exec versions...
Schneider Modicon Remote START/STOP Command
The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a to perform administrative commands without authentication. This module allows a remote user to change the state of the PLC between STOP and RUN, allowing an attacker to end process control by the PLC. This module is...
Modicon PLC CPU Type SNMP Request Model Type Remote Disclosure
Binary data scadamodiconsnmpcputype.nbin...