44 matches found
EUVD-2018-19542
Malware in sbrugna...
EUVD-2020-28623
Malware in sbrugna...
EUVD-2017-15096
Malware in sbrugna...
EUVD-2017-15098
Malware in sbrugna...
EUVD-2018-19522
Malware in sbrugna...
EUVD-2018-19523
Malware in sbrugna...
EUVD-2018-19543
Malware in sbrugna...
EUVD-2018-19516
Malware in sbrugna...
EUVD-2021-9926
Malicious code in bioql PyPI...
CVE-2020-7498
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...
CVE-2019-6843
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware version prior to V3.10, Modicon M340 all firmware versions, and Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading...
Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-2023-6408)
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. This plugin only works with Tenable.ot...
The vulnerabilities of the microprogramming software for Schneider Electric Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58*S, and M580 CPU Safety BMEH58*S, as well as the programming tools EcoStruxure Control Expert and EcoStruxure Process Expert, allow a attacker to execute a “man-in-the-middle” attack.
The vulnerability of microprogrammed logic controllers PLCs from Schneider Electric, such as the Modicon M340 CPU BMXP34, M580 CPU BMEP, M580 CPU BMEH, M580 CPU Safety BMEP58S, and M580 CPU Safety BMEH58S, as well as the PLC programming software EcoStruxure Control Expert and EcoStruxure Process...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION...
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2022-45788)
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...
Schneider Electric Modicon PLCs Predictable Value Range From Previous Values (CVE-2017-6030)
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected...
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
Security researchers have disclosed two new vulnerabilities affecting Schneider Electric Modicon programmable logic controllers PLCs that could allow for authentication bypass and remote code execution. The flaws, tracked as CVE-2022-45788 CVSS score: 7.5 and CVE-2022-45789 CVSS score: 8.1, are...
The vulnerability of the Web Server software on Schneider Electric’s programmable logic controllers, such as Modicon M340, Modicon Quantum, and Modicon Premium, allows attackers to disclose sensitive information or cause malfunctions in the equipment.
The vulnerability of the Web Server component of Schneider Electric’s programmable logic controllers—Modicon M340, Modicon Quantum, and Modicon Premium—is due to buffer overflow attacks. Exploiting this vulnerability allows an attacker to disclose sensitive information or cause service failures b...
The vulnerability of the Modbus TCP protocol implementation in microprogrammed software for programmable logic controllers from Schneider Electric, such as Modicon M340, M580, MC80, Modicon Momentum MDI, Legacy Modicon Quantum, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Modbus TCP protocol implementation in microprogrammed logic controllers from Schneider Electric, such as Modicon M340, M580, MC80, Modicon Momentum MDI, and Legacy Modicon Quantum, is related to errors in information processing. Exploiting this vulnerability can allow an...