Modicon M580 Bmep582020h Firmware Security Vulnerabilities and Issues — Modicon M580 Bmep582020h Firmware CVE List

Lucene search

Schneider-electricModicon M580 Bmep582020h Firmware

7 matches found

CVE•added 2021/07/14 3:15 p.m.•82 views

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack R...

9.1CVSS9AI score0.00101EPSS

CVE•added 2023/01/31 6:15 a.m.•73 views

CVE-2022-45789

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Version...

9.8CVSS9.3AI score0.00057EPSS

CVE•added 2022/09/12 6:15 p.m.•64 views

CVE-2022-37300

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStr...

9.8CVSS9.1AI score0.00288EPSS

CVE•added 2023/01/30 1:15 p.m.•63 views

CVE-2022-45788

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All V...

9.8CVSS9.5AI score0.00293EPSS

CVE•added 2022/11/22 12:15 p.m.•55 views

CVE-2022-37301

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbe...

7.5CVSS7.4AI score0.00244EPSS

CVE•added 2023/02/01 4:15 a.m.•49 views

CVE-2021-22786

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU ...

7.5CVSS7.2AI score0.00175EPSS

CVE•added 2024/02/14 5:15 p.m.•36 views

CVE-2023-6408

CWE-924: Improper Enforcement of Message Integrity During Transmission in aCommunication Channel vulnerability exists that could cause a denial of service and loss ofconfidentiality, integrity of controllers when conducting a Man in the Middle attack.

8.1CVSS7.8AI score0.00157EPSS