EUVD-2012-0953

Malware in sbrugna...

Schneider Electric Modicon Improper Authentication (CVE-2018-7760)

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. This plugin only works with Tenable.ot. Please visit...

Schneider Electric Modicon Cross-site Scripting (CVE-2012-0930)

Cross-site scripting XSS vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Schneider Electric Modicon Improper Authentication (CVE-2012-0931)

Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

Schneider Electric Modicon Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2012-0929)

Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the 1 FTP server or 2 HTTP server. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

The vulnerability of the microprogrammed programmable logic controller Modicon Quantum, related to errors in access control mechanisms, allows a intruder to trigger a service failure or alter the controller’s configuration.

The vulnerability of the microprogrammed programmable logic controller Modicon Quantum is related to errors in the access control mechanisms. Exploiting this vulnerability could allow an attacker to cause service failures or modify the controller’s configuration using the Ethernet/IP protocol...

Schneider Electric Modicon Quantum PLC Detection

Binary data 34.prm...

The vulnerability of the built-in web server of Schneider Electric’s Modicon Premium, Modicon Quantum PLC, Modicon M340, and Modicon BMXNOR0200 allows a perpetrator to execute arbitrary code.

The vulnerability of Schneider Electric Modicon BMXNOR0200 embedded web servers is related to an error in HTTP request analysis. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the web server using specially crafted HTTP requests...

Buffer overflow

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow...

Authorization

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization...

CVE-2018-7759

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified instead of the buffer size as the number of bytes to be copied...

Design/Logic Flaw

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution...

CVE-2018-7761

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution...

CVE-2018-7760

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization...

CVE-2018-7759

CVE-2018-7759 describes a buffer overflow in Schneider Electric Modicon M340, Premium, Quantum PLCs and BMXNOR0200 caused by using the length of the source string (not the buffer size) as the copy size. This vulnerability can enable a remote attacker to cause a denial of service. A vendor advisor...

PT-2017-3703 · Schneider Electric · Modicon Premium +3

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon BMXNOR0200 affected versions not specified Schneider Electric Modicon M340 affected versions not specified Schneider Electric Modicon Premium affected versions not specified Schneider Electric Modicon Quantum PLC...

CVE-2012-0929

Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the 1 FTP server or 2 HTTP server...

CVE-2012-0931

Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Authentication flaw

Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors...