Schneider-electric Modicon_m580_bmeh584040
12 CVEs affecting Schneider-electric Modicon_m580_bmeh584040. Latest disclosed: 2024-02-14. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-37300 | Critical | 9.8 | 2022-09-12 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the cont… |
CVE-2021-22779 | Critical | 9.1 | 2021-07-14 | Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), Ec… |
CVE-2023-6408 | High | 8.1 | 2024-02-14 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service an… |
CVE-2022-45789 | High | 8.1 | 2023-01-31 | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hija… |
CVE-2021-22786 | High | 7.5 | 2023-02-01 | A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communi… |
CVE-2022-45788 | High | 7.5 | 2023-01-30 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of c… |
CVE-2022-37301 | High | 7.5 | 2022-11-22 | A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations w… |
CVE-2021-22792 | High | 7.5 | 2021-09-02 | A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller a… |
CVE-2019-6855 | High | 7.3 | 2020-01-06 | Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all ve… |
CVE-2021-22791 | Medium | 6.5 | 2021-09-02 | A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller applic… |
CVE-2021-22790 | Medium | 6.5 | 2021-09-02 | A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller applica… |
CVE-2021-22789 | Medium | 6.5 | 2021-09-02 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC contro… |