Modicon Lmc058 Firmware Security Vulnerabilities - May

CVE-2019-6820

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC...

CVE-2024-6528

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-siteScripting') vulnerability exists that could cause a vulnerability leading to a cross-site scriptingcondition where attackers can have a victim’s browser run arbitrary JavaScript when they visit apage containing the inje...