Schneider-electric Modicon_m340_bmxp342020h

19 CVEs affecting Schneider-electric Modicon_m340_bmxp342020h. Latest disclosed: 2024-02-14. Critical: 5, High: 9.

Top CVEs affecting Schneider-electric Modicon_m340_bmxp342020h
CVESeverityScorePublishedSummary
CVE-2022-37300Critical9.82022-09-12A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the cont…
CVE-2018-7761Critical9.82018-04-18A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbi…
CVE-2018-7760Critical9.82018-04-18An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions…
CVE-2018-7242Critical9.82018-04-18Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the com…
CVE-2018-7241Critical9.82018-04-18Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communicati…
CVE-2023-6408High8.12024-02-14 CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service an…
CVE-2022-45789High8.12023-01-31A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hija…
CVE-2021-22786High7.52023-02-01A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communi…
CVE-2022-45788High7.52023-01-30A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of c…
CVE-2022-0222High7.52022-11-22A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending…
CVE-2019-6819High7.52019-05-22A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames…
CVE-2018-7762High7.52018-04-18A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 whic…
CVE-2018-7759High7.52018-04-18A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerabilit…
CVE-2017-6017High7.52017-06-30A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMX…
CVE-2018-7851Medium6.52019-05-22CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware…
CVE-2015-6462Medium5.42019-03-21Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider El…
CVE-2015-6461Medium5.42019-03-21Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BM…
CVE-2015-79372015-12-21Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitr…
CVE-2014-07542014-10-03Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140…