Schneider-electric Bmxnoe0100
15 CVEs affecting Schneider-electric Bmxnoe0100. Latest disclosed: 2024-06-12. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-7540 | Critical | 9.8 | 2020-12-11 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premi… |
CVE-2020-7533 | Critical | 9.8 | 2020-12-01 | CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending speciall… |
CVE-2021-22788 | High | 7.5 | 2022-02-11 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web serve… |
CVE-2021-22787 | High | 7.5 | 2022-02-11 | A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP reque… |
CVE-2021-22785 | High | 7.5 | 2022-02-11 | A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker… |
CVE-2020-7539 | High | 7.5 | 2020-12-11 | A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modico… |
CVE-2020-7536 | High | 7.5 | 2020-12-11 | A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communi… |
CVE-2020-7535 | High | 7.5 | 2020-12-11 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M… |
CVE-2017-6017 | High | 7.5 | 2017-06-30 | A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMX… |
CVE-2024-5056 | Medium | 6.5 | 2024-06-12 | CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behav… |
CVE-2015-6462 | Medium | 5.4 | 2019-03-21 | Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider El… |
CVE-2015-6461 | Medium | 5.4 | 2019-03-21 | Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BM… |
CVE-2020-7549 | Medium | 5.3 | 2020-12-11 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modic… |
CVE-2020-7541 | Medium | 5.3 | 2020-12-11 | A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and ass… |
CVE-2015-7937 | | 2015-12-21 | Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitr… |