65 matches found
CVE-2021-22749
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially...
EUVD-2022-37710
Malicious code in bioql PyPI...
EUVD-2022-37713
Malicious code in bioql PyPI...
EUVD-2022-37708
Malicious code in bioql PyPI...
EUVD-2022-37711
Malicious code in bioql PyPI...
EUVD-2022-37709
Malicious code in bioql PyPI...
EUVD-2022-37712
Malicious code in bioql PyPI...
EUVD-2022-37707
Malicious code in bioql PyPI...
EUVD-2021-9884
Malicious code in bioql PyPI...
Schneider Electric Modicon X80 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22749)
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially...
Schneider Electric Modicon Improper Privilege Management (CVE-2022-0222)
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUsBMXP34 versions prior to V3.40, Modicon M340 X80 Ethernet Communication...
Schneider Electric Modicon Path Traversal (CVE-2022-34762)
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 an...
Schneider Electric Modicon Out-of-bounds Write (CVE-2022-34759)
A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior - A...
Schneider Electric Modicon Infinite Loop (CVE-2022-34760)
A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...
Schneider Electric Modicon Insufficient Verification of Data Authenticity (CVE-2022-34763)
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon...
Schneider Electric Modicon NULL Pointer Dereference (CVE-2022-34761)
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior - A...
Schneider Electric Modicon Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2022-34764)
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prio...
CVE-2022-34760
A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...
CVE-2022-34764
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prio...
CVE-2022-34763
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon...