Schneider-electric Modicon_m340_bmxp342030_firmware
13 CVEs affecting Schneider-electric Modicon_m340_bmxp342030_firmware. Latest disclosed: 2024-02-14. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-37300 | Critical | 9.8 | 2022-09-12 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the cont… |
CVE-2021-22779 | Critical | 9.1 | 2021-07-14 | Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), Ec… |
CVE-2023-6408 | High | 8.1 | 2024-02-14 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service an… |
CVE-2022-45789 | High | 8.1 | 2023-01-31 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hija… |
CVE-2021-22786 | High | 7.5 | 2023-02-01 | A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communi… |
CVE-2022-45788 | High | 7.5 | 2023-01-30 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of c… |
CVE-2022-0222 | High | 7.5 | 2022-11-22 | A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending… |
CVE-2022-22724 | High | 7.5 | 2022-02-04 | A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a larg… |
CVE-2017-6017 | High | 7.5 | 2017-06-30 | A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMX… |
CVE-2015-6462 | Medium | 5.4 | 2019-03-21 | Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider El… |
CVE-2015-6461 | Medium | 5.4 | 2019-03-21 | Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BM… |
CVE-2014-0754 | | 2014-10-03 | Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140… | |
CVE-2013-2763 | | 2013-04-04 | The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor r… |