Schneider Electric Modicon Out-of-bounds Write (CVE-2022-34759)

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior - A...

Schneider Electric Modicon NULL Pointer Dereference (CVE-2022-34761)

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior - A...

Schneider Electric Modicon Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2022-34764)

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prio...

The vulnerabilities of the microprogramming software for the OPC UA Modicon Communication Module (BMENUA0100) and the X80 advanced RTU Communication Module (BMENOR2200H) allow attackers to cause service interruptions.

The vulnerability of the microprogramming software for the OPC UA Modicon Communication Module BMENUA0100 and the X80 advanced RTU Communication Module BMENOR2200H is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely ...

CVE-2022-34762

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 an...

CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

CVE-2022-34761

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

CVE-2022-34761

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

CVE-2022-34765

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...

CVE-2022-34764

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prio...

CVE-2022-34764

CVE-2022-34764 describes a CWE-119 vulnerability (improper restriction of operations within the bounds of a memory buffer) that could cause a denial of service when parsing URLs. Affected Schneider Electric devices include the X80 advanced RTU Communication Module BMENOR2200H (V1.0) and the OPC U...

CVE-2022-34763

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon...

CVE-2022-34761

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

CVE-2022-34760

The CVE-2022-34760 issue is a CWE-835 Infinite Loop affecting Schneider Electric devices: X80 advanced RTU Communication Module BMENOR2200H (V1.0) and OPC UA Modicon Communication Module BMENUA0100 (V1.10 and earlier). The vulnerability arises from improper handling of cookies, potentially causin...

CVE-2022-34759

CVE-2022-34759 describes a CWE-787Out-of-bounds Write vulnerability that could cause a denial of service to the webserver due to improper parsing of HTTP headers. Affected Schneider Electric devices include the X80 advanced RTU Communication Module BMENOR2200H (V1.0) and the OPC UA Modicon Commun...

多款Schneider Electric产品路径遍历漏洞

The Schneider Electric OPC UA Modicon Communication Module and the Schneider Electric X80 advanced RTU Communication Module are both products of the French company Schneider Electric. The Schneider Electric OPC UA Modicon Communication Module is an Ethernet communication module with an embedded O...