Modicon M340 Bmxp341000 Firmware@* Security Vulnerabilities and Issues — Modicon M340 Bmxp341000 Firmware@* CVE List

Lucene search

Schneider-electricModicon M340 Bmxp341000 Firmware*

17 matches found

CVE•added 2020/01/06 11:15 p.m.•157 views

CVE-2019-6855

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between Ec...

7.5CVSS7.2AI score0.00191EPSS

CVE•added 2020/12/11 1:15 a.m.•146 views

CVE-2020-7535

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions...

7.5CVSS7.2AI score0.00428EPSS

CVE•added 2021/07/14 3:15 p.m.•82 views

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack R...

9.1CVSS9AI score0.00101EPSS

CVE•added 2023/01/31 6:15 a.m.•73 views

CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Version...

9.8CVSS9.3AI score0.00057EPSS

CVE•added 2020/12/11 1:15 a.m.•68 views

CVE-2020-7549

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP s...

5.3CVSS5.3AI score0.00526EPSS

CVE•added 2020/12/11 1:15 a.m.•67 views

CVE-2020-7537

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memo...

7.5CVSS7.4AI score0.00389EPSS

CVE•added 2020/12/11 1:15 a.m.•67 views

CVE-2020-7540

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command executio...

9.8CVSS9.7AI score0.00311EPSS

CVE•added 2020/12/11 1:15 a.m.•66 views

CVE-2020-7541

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending ...

5.3CVSS5.2AI score0.00313EPSS

CVE•added 2020/12/11 1:15 a.m.•64 views

CVE-2020-7542

7.5CVSS7.4AI score0.00389EPSS

CVE•added 2022/09/12 6:15 p.m.•64 views

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStr...

9.8CVSS9.1AI score0.00288EPSS

CVE•added 2020/12/01 3:15 p.m.•59 views

CVE-2020-7533

CWE-287: Improper Authentication vulnerability exists which could cause the execution ofcommands on the webserver without authentication when sending specially crafted HTTPrequests.

9.8CVSS9.8AI score0.00235EPSS

CVE•added 2020/12/11 1:15 a.m.•58 views

CVE-2020-7536

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could c...

7.8CVSS7.4AI score0.00483EPSS

CVE•added 2020/12/11 1:15 a.m.•58 views

CVE-2020-7539

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulne...

7.5CVSS7.4AI score0.00318EPSS

CVE•added 2022/11/22 1:15 p.m.•57 views

CVE-2022-0222

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communicatio...

7.5CVSS7.3AI score0.00159EPSS

CVE•added 2020/12/11 1:15 a.m.•51 views

CVE-2020-7543

7.5CVSS7.4AI score0.00389EPSS

CVE•added 2023/02/01 4:15 a.m.•49 views

CVE-2021-22786

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU ...

7.5CVSS7.2AI score0.00175EPSS

CVE•added 2024/02/14 5:15 p.m.•36 views

CVE-2023-6408

CWE-924: Improper Enforcement of Message Integrity During Transmission in aCommunication Channel vulnerability exists that could cause a denial of service and loss ofconfidentiality, integrity of controllers when conducting a Man in the Middle attack.

8.1CVSS7.8AI score0.00157EPSS