Schneider-electric Modicon_m340_bmxp341000_firmware
27 CVEs affecting Schneider-electric Modicon_m340_bmxp341000_firmware. Latest disclosed: 2024-02-14. Critical: 8, High: 16.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-37300 | Critical | 9.8 | 2022-09-12 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the cont… |
CVE-2020-7540 | Critical | 9.8 | 2020-12-11 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premi… |
CVE-2020-7533 | Critical | 9.8 | 2020-12-01 | CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending speciall… |
CVE-2018-7761 | Critical | 9.8 | 2018-04-18 | A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbi… |
CVE-2018-7760 | Critical | 9.8 | 2018-04-18 | An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions… |
CVE-2018-7242 | Critical | 9.8 | 2018-04-18 | Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the com… |
CVE-2018-7241 | Critical | 9.8 | 2018-04-18 | Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communicati… |
CVE-2021-22779 | Critical | 9.1 | 2021-07-14 | Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), Ec… |
CVE-2023-6408 | High | 8.1 | 2024-02-14 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service an… |
CVE-2022-45789 | High | 8.1 | 2023-01-31 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hija… |
CVE-2021-22786 | High | 7.5 | 2023-02-01 | A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communi… |
CVE-2022-45788 | High | 7.5 | 2023-01-30 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of c… |
CVE-2022-0222 | High | 7.5 | 2022-11-22 | A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending… |
CVE-2022-22724 | High | 7.5 | 2022-02-04 | A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a larg… |
CVE-2020-7543 | High | 7.5 | 2020-12-11 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modico… |
CVE-2020-7542 | High | 7.5 | 2020-12-11 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modico… |
CVE-2020-7539 | High | 7.5 | 2020-12-11 | A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modico… |
CVE-2020-7537 | High | 7.5 | 2020-12-11 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modico… |
CVE-2020-7536 | High | 7.5 | 2020-12-11 | A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communi… |
CVE-2020-7535 | High | 7.5 | 2020-12-11 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M… |