Modicon M340 Bmxp342010 Firmware Security Vulnerabilities and Issues — Modicon M340 Bmxp342010 Firmware CVE List

Lucene search

Schneider-electricModicon M340 Bmxp342010 Firmware

9 matches found

CVE•added 2021/07/14 3:15 p.m.•82 views

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack R...

9.1CVSS9AI score0.00101EPSS

CVE•added 2023/01/31 6:15 a.m.•73 views

CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Version...

9.8CVSS9.3AI score0.00057EPSS

CVE•added 2022/09/12 6:15 p.m.•64 views

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStr...

9.8CVSS9.1AI score0.00288EPSS

CVE•added 2023/01/30 1:15 p.m.•63 views

CVE-2022-45788

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All V...

9.8CVSS9.5AI score0.00293EPSS

CVE•added 2013/04/04 11:58 a.m.•61 views

CVE-2013-2763

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny...

5CVSS6.8AI score0.00878EPSS

CVE•added 2022/11/22 1:15 p.m.•57 views

CVE-2022-0222

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communicatio...

7.5CVSS7.3AI score0.00159EPSS

CVE•added 2022/02/04 11:15 p.m.•54 views

CVE-2022-22724

A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions)

7.5CVSS7.4AI score0.00482EPSS

CVE•added 2023/02/01 4:15 a.m.•49 views

CVE-2021-22786

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU ...

7.5CVSS7.2AI score0.00175EPSS

CVE•added 2024/02/14 5:15 p.m.•36 views

CVE-2023-6408

CWE-924: Improper Enforcement of Message Integrity During Transmission in aCommunication Channel vulnerability exists that could cause a denial of service and loss ofconfidentiality, integrity of controllers when conducting a Man in the Middle attack.

8.1CVSS7.8AI score0.00157EPSS