Schneider Electric Modicon M241, M251, and M262 Improper Resource Shutdown or Release (CVE-2025-13901)

CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels. This plugin only works with Tenable.ot. Please visit...

Schneider Electric多款产品 跨站脚本漏洞

Schneider Electric Modicon M258 is a product of the French company Schneider Electric. Schneider Electric Modicon M258 is a programmable automation controller. Schneider Electric Modicon M241 is a programmable logic controller. Schneider Electric Modicon M251 is also a programmable logic...

Schneider Electric多款产品 安全漏洞

Schneider Electric Modicon M241, among others, are programmable logic controllers produced by Schneider Electric, a French company. Several products from Schneider Electric have security vulnerabilities. These vulnerabilities stem from improper resource closure or release procedures, which may...

CVE-2021-22699

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP...

EUVD-2019-16374

Malware in sbrugna...

EUVD-2021-9834

Malicious code in bioql PyPI...

The vulnerability of the microprogramming software for Schneider Electric’s programmable logic controllers (PLC) models M241, M251, M258, and LMC058 is related to errors in processing input data. This vulnerability allows attackers to trigger maintenance failures and compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the microprogrammed software of Schneider Electric’s programmable logic controllers PLC models M241, M251, M258, and LMC058 is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to trigger maintenance failures and compromise the...

Schneider Electric Modicon Controllers Improper Neutralization of Input During Web Page Generation (CVE-2024-6528)

CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim's browser run arbitrary JavaScript when they visit a page containing the...

Schneider Electric Modicon Cleartext Transmission of Sensitive Information (CVE-2020-7488)

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. This plugin only works with Tenable.ot. Please visit...

Schneider Electric Modicon Improper Input Validation (CVE-2021-22699)

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP. This plugin only works with Tenable.ot. Please visit...

The vulnerability of the microprogrammed software of Modicon M241 and Modicon M251 control units lies in the insufficient protection of registration data, allowing attackers to intercept login credentials and access the web application.

The vulnerability of the microprogrammed logic controllers Modicon M241 and Modicon M251 is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to intercept login credentials and gain access to the web application...

Vulnerabilities fixed in Schneider Electric Modicon M241/M251

Schneider Electric has fixed vulnerabilities in the CODESYS web server and gateway components of Modicon M241 and M251 controllers. An unauthenticated remote malicious person could potentially exploit the vulnerabilities to cause a denial-of-service cause or execute arbitrary code with the...

The vulnerability of microprogrammed software in Logic Controllers Modicon M218, Modicon M251, Modicon M241, and Modicon M258 lies in the lack of protection for transmitted data. This allows attackers to gain unauthorized access to the protected information.

The vulnerability of microprogrammed software in Logic Controllers Modicon M218, Modicon M251, Modicon M241, and Modicon M258 lies in the lack of protection for transmitted data. Exploiting this vulnerability can allow an intruder operating remotely to gain unauthorized access to protected...

CVE-2021-22699

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP...

CVE-2021-22699

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP...

Input validation

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP...

CVE-2021-22699

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP...

CVE-2021-22699

CVE-2021-22699 affects Schneider Electric Modicon M241/M251 PLCs. The issue is an improper input validation in firmware prior to v5.1.9.1, which could cause a denial of service when specific crafted HTTP requests are received. Red Hat and Tenable references corroborate this description. Impact is...

Schneider Electric 输入验证错误漏洞

An input validation error vulnerability exists in Schneider Electric that stems from an incorrect input validation vulnerability in the Modicon M241/M251 Logic Controller firmware prior to V5.1.9.1, which could result in a denial of service when an attacker sends a carefully crafted request to th...

CVE-2020-7487

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers...