129 matches found
CVE-2019-6859
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...
CVE-2019-6859
The CVE-2019-6859 entry concerns Modicon Controllers with hardcoded FTP credentials exposed via the controller Web server on unsecure networks (CWE-798). Affected scope includes Modicon Controllers across all CPUs and Communication Module references listed in Security Notifications. Root cause is...
PT-2020-6298
Name of the Vulnerable Software and Affected Versions Modicon M218, M241, M251, and M258 controllers affected versions not specified Description A Cleartext Transmission of Sensitive Information issue exists, which could leak sensitive information transmitted between the software and the...
Schneider Electric Modicon Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. UPDATE INFORMATION This updated...
CVE-2019-6857
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium see security notification for specific versions which could cause a Denial of Service of the controller when reading specific memory blocks using...
CVE-2018-7794
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium see security notification for specific versions which could cause a Denial of Service when reading data with invalid index using Modbus TCP...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an empty file via FTP protocol, thereby causing a service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download the embedded software update with an empty file via FTP protocol, thereby causing service...
The vulnerability of Modicon microprogrammed control devices, related to a data processing error in the REST API, allows a perpetrator to trigger a service failure.
The vulnerability of Modicon microprogrammed control devices is related to a data processing error in the REST API. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions...
The vulnerability of Modicon microprogrammed controllers lies in the lack of version checking for installed software updates. This allows a malicious individual to download an unpatched version of the installed software via FTP, thereby causing a service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of verification of the version of the embedded software updates. Exploiting this vulnerability allows a malicious actor to download an un-supported version of the embedded software via FTP protocol, thereby causing service...
The vulnerability of Modicon microprogrammed control devices relates to the use of REST API commands for reading registers, which allows attackers to disclose sensitive information.
The vulnerability of Modicon microprogrammed controllers relates to the use of read commands from the REST API registers. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an invalid web server URL via FTP, thereby causing a service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download updates to the embedded software via an FTP server without an active web server, thereby...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious entity to download the update without the presence of the software via FTP protocol, thereby causing service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download updates to the embedded software without any interaction with the software via FTP protocol...
The vulnerability of Modicon microprogrammed controllers relates to the transmission of confidential information in open text using the FTP protocol, allowing a intruder to disclose the protected information.
The vulnerability of Modicon microprogrammed controllers relates to the transmission of confidential information in open text using the FTP protocol. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software from a compromised FTP server, thereby causing malfunctions of the controller.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download updates to the embedded software from a compromised FTP server, thereby causing service...
The vulnerability of Modicon microprogrammed controllers, related to the use of the Modbus service provided by the REST API, allows a hacker to disclose protected information.
The vulnerability of Modicon controller’s microprogrammed software is related to the use of the Modbus service provided by the REST API. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
CVE-2019-6852
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...
Hardcoded credentials
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...
CVE-2019-6852
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...
CVE-2019-6852
CVE-2019-6852 refers to an information-exposure vulnerability affecting Schneider Electric Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules). The issue arises from the controller Web server over an...
PT-2019-6021
Name of the Vulnerable Software and Affected Versions Modicon Controllers versions affected versions not specified Description A vulnerability exists in Modicon Controllers, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure...