Lucene search
+L

129 matches found

CNVD
CNVD
added 2025/06/23 12:0 a.m.3 views

Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. A cross-site scripting vulnerability exists in Schneider Electric Modicon Controllers that originates from improper input neutralization during web page generation...

5.4CVSS6.5AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.6 views

Schneider Electric Modicon Controllers 输入验证错误漏洞

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. An input validation error vulnerability exists in Schneider Electric Modicon Controllers that stems from improper input validation and can be exploited by an...

7.1CVSS6.7AI score0.00442EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.5 views

Schneider Electric Modicon Controllers 跨站脚本漏洞

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Modicon Controllers that originates from improper input neutralization during web page generation...

5.4CVSS6.2AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.10 views

PT-2025-24626 · Schneider Electric · Modicon Controllers M241/M251

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An Uncontrolled Resource Consumption issue exists, potentially causing Denial of Service. This occurs when an authenticated malicious user sends a manipulated HTTPS Content-Length header to...

7.1CVSS5.9AI score0.00526EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.5 views

Schneider Electric Modicon Controllers 输入验证错误漏洞

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. An input validation error vulnerability exists in Schneider Electric Modicon Controllers that stems from improper input validation and can be exploited by an...

7.1CVSS6.7AI score0.00385EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.7 views

PT-2025-24627 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Denial of Service issue exists due to improper input validation. This occurs when an authenticated malicious user sends a special malformed HTTPS request containing improperly formatted bo...

7.1CVSS5.9AI score0.00385EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.11 views

PT-2025-24635 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Cross-site Scripting issue exists due to improper neutralization of input during web page generation. This could allow an authenticated malicious user to inject unvalidated data, potential...

5.4CVSS5.7AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.7 views

PT-2025-24630 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Cross-site Scripting issue exists, impacting system variables. This could allow an authenticated malicious user to inject unvalidated data, potentially modifying or reading data in a...

5.4CVSS5.7AI score0.00252EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.7 views

Schneider Electric Modicon Controllers 跨站脚本漏洞

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. A cross-site scripting vulnerability exists in Schneider Electric Modicon Controllers that originates from improper input neutralization during web page generation...

5.4CVSS6.1AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.7 views

PT-2025-24628 · Schneider Electric · Modicon Controllers M241/M251 +1

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Denial of Service issue exists due to improper input validation. This occurs when an authenticated malicious user sends an HTTPS request containing an invalid data type to the web server...

7.1CVSS5.9AI score0.00442EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/06/05 12:0 a.m.21 views

Schneider Electric Modicon Controllers Externally Controlled Reference to a Resource in Another Sphere (CVE-2025-2875)

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller's webserver URL to access resources. This plugin only works with Tenable.ot. Please visit...

8.7CVSS5.5AI score0.00357EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 4:49 p.m.17 views

CVE-2020-7543

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium see security notifications for affected versions, that could cause denial of service when a specially crafted Read Physical Memo...

7.5CVSS6.9AI score0.01311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:48 p.m.10 views

CVE-2020-7488

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers...

7.5CVSS6.4AI score0.00847EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:8 p.m.11 views

CVE-2020-7540

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...

9.8CVSS7.4AI score0.0222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 a.m.11 views

CVE-2019-6852

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...

7.5CVSS7AI score0.01379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 a.m.8 views

CVE-2019-6859

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...

7.5CVSS6.9AI score0.0115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:48 a.m.14 views

CVE-2019-6845

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum all firmware versions, which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol...

7.5CVSS6.5AI score0.01064EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:48 a.m.19 views

CVE-2019-6851

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum all firmware versions, which could cause the disclosure of information from the controller when using TFTP protocol...

7.5CVSS6.6AI score0.29895EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:47 a.m.7 views

CVE-2019-6808

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus...

9.8CVSS7.7AI score0.08161EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:0 a.m.6 views

CVE-2018-7857

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus...

7.5CVSS6.7AI score0.01582EPSS
Exploits1References1
Rows per page
Query Builder