Modicon M258 Firmware Security Vulnerabilities
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC...
8.2CVSS
8.1AI Score
0.001EPSS
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the ...
6.8CVSS
6.8AI Score
0.0005EPSS
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.
9.8CVSS
9.5AI Score
0.002EPSS
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.
7.5CVSS
7.3AI Score
0.002EPSS
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-siteScripting') vulnerability exists that could cause a vulnerability leading to a cross-site scriptingcondition where attackers can have a victimβs browser run arbitrary JavaScript when they visit apage containing the inje...
6.1CVSS
5.5AI Score
0.0005EPSS