Schneider-electric Bmxnoc0401

13 CVEs affecting Schneider-electric Bmxnoc0401. Latest disclosed: 2022-02-11. Critical: 2, High: 6.

Top CVEs affecting Schneider-electric Bmxnoc0401
CVESeverityScorePublishedSummary
CVE-2020-7540Critical9.82020-12-11A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premi…
CVE-2020-7533Critical9.82020-12-01CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending speciall…
CVE-2020-7534High8.82022-02-04A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on…
CVE-2021-22788High7.52022-02-11A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web serve…
CVE-2021-22787High7.52022-02-11A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP reque…
CVE-2021-22785High7.52022-02-11A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker…
CVE-2020-7539High7.52020-12-11A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modico…
CVE-2017-6017High7.52017-06-30A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMX…
CVE-2015-6462Medium5.42019-03-21Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider El…
CVE-2015-6461Medium5.42019-03-21Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BM…
CVE-2020-7549Medium5.32020-12-11A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modic…
CVE-2020-7541Medium5.32020-12-11A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and ass…
CVE-2015-79372015-12-21Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitr…