Lucene search
+L

29 matches found

Securelist
Securelist
added 2022/09/29 8:0 a.m.85 views

The secrets of Schneider Electric’s UMAS protocol

UMAS Unified Messaging Application Services is a proprietary Schneider Electric SE protocol used to configure and monitor Schneider Electric PLCs. Schneider Electric controllers that use UMAS include Modicon M580 CPU part numbers BMEP and BMEH and Modicon M340 CPU part numbers BMXP34. Controllers...

7.5CVSS9.6AI score0.02642EPSS
Exploits0
Talos
Talos
added 2019/10/08 12:0 a.m.183 views

Schneider Electric Modicon M580 UMAS REST API getcominfo denial-of-service vulnerability

Summary An exploitable denial of service vulnerability exists in the UMAS REST API getcominfo functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted HTTP request can cause the device to enter a non-recoverable fault...

8.6CVSS8.6AI score0.32974EPSS
Exploits0
Talos
Talos
added 2019/10/08 12:0 a.m.50 views

Schneider Electric Modicon M580 UMAS REST API getcominfo information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS REST API getcominfo functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted HTTP request can cause the device to return arbitrary memory,...

7.5CVSS7.3AI score0.01709EPSS
Exploits0
Talos
Talos
added 2019/10/08 12:0 a.m.66 views

Schneider Electric Modicon M580 UMAS cleartext data transmission vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.80. An attacker can sniff network traffic to exploit this vulnerability. Tested Versions Schneider Electric...

7.5CVSS7.1AI score0.01064EPSS
Exploits0
Talos
Talos
added 2019/10/08 12:0 a.m.57 views

Schneider Electric Modicon M580 TFTP server information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the TFTP server functionality of the Schneider Electric Modicon M580 Programmable Automation Controller. A specially crafted TFTP get request can cause a file download, resulting in disclosure of sensitive information. An...

7.5CVSS7.4AI score0.29895EPSS
Exploits0
Talos
Talos
added 2019/10/08 12:0 a.m.60 views

Schneider Electric Modicon M580 UMAS REST API readbolarray information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS REST API readbolarray functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted HTTP request can cause the device to return blocks of program...

7.5CVSS7.5AI score0.01709EPSS
Exploits0
Talos
Talos
added 2019/08/13 12:0 a.m.61 views

Schneider Electric Modicon M580 UMAS read strategy denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS read strategy functionality of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted set of UMAS commands can cause the device to enter a non-recoverable fault...

7.8CVSS7.7AI score0.01757EPSS
Exploits0
Talos
Talos
added 2019/08/13 12:0 a.m.49 views

Schneider Electric Modicon M580 UMAS Function Code 0x29 Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the UMAS function code 0x29 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault stat...

7.8CVSS7.8AI score0.01609EPSS
Exploits1
Talos
Talos
added 2019/08/13 12:0 a.m.67 views

Schneider Electric Modicon M580 UMAS Read System Coils and Registers Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the UMAS Read System Coils and Registers functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.80. A specially crafted UMAS command can cause the device to enter a non-recoverab...

7.8CVSS7.8AI score0.01526EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2019/07/07 12:0 a.m.97 views

Schneider Electric Modicon Multiple Denial Of Service Vulnerabilities (CVE-2018-7843; CVE-2018-7852; CVE-2018-7853; CVE-2018-7854; CVE-2018-7855; CVE-2018-7856; CVE-2018-7857; CVE-2019-6807)

Multiple denial of service vulnerabilities exist in Schneider Electric Modicon. A remote unauthenticated attacker could send crafted UMAS command packets to cause denial of service conditions...

5CVSS3.8AI score0.03614EPSS
Exploits8
Talos Blog
Talos Blog
added 2019/06/20 6:8 a.m.341 views

Vulnerability Spotlight: Multiple vulnerabilities in Schneider Electric Modicon M580

Jared Rittle of Cisco Talos discovered these vulnerabilities. Executive summary There are several vulnerabilities in the Schneider Electric Modicon M580 that could lead to a variety of conditions, including denial of service and the disclosure of sensitive information. The Modicon M580 is the...

7.5CVSS8.7AI score0.35039EPSS
Exploits17
Talos
Talos
added 2019/06/10 12:0 a.m.159 views

Schneider Electric Modicon M580 UMAS strategy read information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS strategy read functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of the programmed...

7.5CVSS7.6AI score0.03413EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.193 views

Schneider Electric Modicon M580 UMAS function code 0x65 denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS function code 0x65 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

7.5CVSS7.7AI score0.02304EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.207 views

Schneider Electric Modicon M580 UMAS Improper Authentication Vulnerability

Summary An exploitable improper authentication vulnerability exists in the UMAS PLC reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can allow an attacker to masquerade as an authenticated use...

9.8CVSS9.9AI score0.35039EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.197 views

Schneider Electric Modicon M580 UMAS write system bits and blocks denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS write system bits and blocks functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted set of UMAS commands can cause the device to enter a...

7.5CVSS7.6AI score0.02236EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.205 views

Schneider Electric Modicon M580 UMAS memory block read denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block read function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...

7.5CVSS7.7AI score0.03289EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.219 views

Schneider Electric UnityPro PLC simulator remote code execution vulnerability

Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...

9.8CVSS9.9AI score0.08161EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.225 views

Schneider Electric Modicon M580 UMAS Strategy File Write Vulnerability

Summary An exploitable unauthenticated file write vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted sequence of UMAS commands can cause the device to overwrite...

9.8CVSS9.7AI score0.03808EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.227 views

Schneider Electric Modicon M580 UMAS release reservation denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS Release PLC Reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to invalidate a session without...

9.8CVSS9.7AI score0.29575EPSS
Exploits1
Talos
Talos
added 2019/06/10 12:0 a.m.211 views

Schneider Electric Modicon M580 UMAS read system blocks and bits information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS Read System Blocks and Bits functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of...

7.5CVSS7.6AI score0.02298EPSS
Exploits1
Rows per page
Query Builder