Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
Schneider-electricModicon M340 Firmware

32 matches found

CVE
CVEadded 2019/09/17 8:15 p.m.115 views

CVE-2019-6813

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received ...

7.8CVSS7.5AI score0.0051EPSS
CVE
CVEadded 2019/09/17 8:15 p.m.114 views

CVE-2019-6829

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.

7.8CVSS7.3AI score0.00367EPSS
CVE
CVEadded 2019/09/17 8:15 p.m.107 views

CVE-2019-6828

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and regis...

7.8CVSS7.3AI score0.00367EPSS
CVE
CVEadded 2019/09/17 8:15 p.m.98 views

CVE-2019-6809

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the c...

7.8CVSS7.2AI score0.00552EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.81 views

CVE-2018-7845

A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.

7.5CVSS7.3AI score0.04366EPSS
CVE
CVEadded 2019/10/29 7:15 p.m.81 views

CVE-2019-6842

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the packag...

4.9CVSS5.1AI score0.00382EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.76 views

CVE-2018-7846

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.

9.8CVSS9.2AI score0.38192EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.72 views

CVE-2018-7844

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.

7.5CVSS7.2AI score0.13834EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.69 views

CVE-2019-6819

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.8...

7.5CVSS7.4AI score0.00468EPSS
CVE
CVEadded 2019/10/29 7:15 p.m.68 views

CVE-2019-6843

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgra...

4.9CVSS4.9AI score0.00382EPSS
CVE
CVEadded 2019/10/29 7:15 p.m.68 views

CVE-2019-6847

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the appl...

4.9CVSS5AI score0.00382EPSS
CVE
CVEadded 2019/10/29 7:15 p.m.65 views

CVE-2019-6846

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.

6.5CVSS6.2AI score0.00216EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.62 views

CVE-2019-6808

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.

9.8CVSS9.6AI score0.03835EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.61 views

CVE-2019-6807

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.

7.5CVSS7.2AI score0.00141EPSS
CVE
CVEadded 2019/10/29 7:15 p.m.60 views

CVE-2019-6851

A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

7.5CVSS7.2AI score0.00443EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.59 views

CVE-2018-7842

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.

9.8CVSS9.3AI score0.06468EPSS
CVE
CVEadded 2019/10/29 7:15 p.m.59 views

CVE-2019-6844

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid we...

4.9CVSS5AI score0.00382EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.58 views

CVE-2018-7854

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.

7.5CVSS7.2AI score0.01912EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.58 views

CVE-2018-7855

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus

7.5CVSS7.3AI score0.00591EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.58 views

CVE-2019-6806

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.

7.5CVSS7.2AI score0.0034EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.57 views

CVE-2018-7843

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.

7.5CVSS7.3AI score0.14763EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.57 views

CVE-2018-7847

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

9.8CVSS9.4AI score0.01223EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.57 views

CVE-2018-7849

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.

7.5CVSS7.3AI score0.14763EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.57 views

CVE-2018-7850

A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.

5.3CVSS5.3AI score0.00237EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.56 views

CVE-2018-7853

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus

7.5CVSS7.2AI score0.00494EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.55 views

CVE-2018-7848

A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus

7.5CVSS7.2AI score0.1323EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.54 views

CVE-2019-6821

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

6.5CVSS6.5AI score0.00239EPSS
CVE
CVEadded 2019/10/29 7:15 p.m.54 views

CVE-2019-6841

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgra...

4.9CVSS5AI score0.00524EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.53 views

CVE-2018-7856

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.

7.5CVSS7.2AI score0.00494EPSS
CVE
CVEadded 2019/05/22 9:29 p.m.53 views

CVE-2018-7857

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.

7.5CVSS7.3AI score0.00494EPSS
CVE
CVEadded 2019/05/22 8:29 p.m.52 views

CVE-2018-7852

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.

7.5CVSS7.4AI score0.14763EPSS
CVE
CVEadded 2019/10/29 7:15 p.m.52 views

CVE-2019-6845

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.

7.5CVSS7.2AI score0.00205EPSS