VYPR

Modicon M580 CPU

by Schneider Electric

CVEs (54)

  • CVE-2018-7842CriMay 22, 2019
    risk 0.67cvss 9.8epss 0.35

    A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.

  • CVE-2018-7846CriMay 22, 2019
    risk 0.66cvss 9.8epss 0.30

    A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the…

  • CVE-2022-37300CriSep 12, 2022
    risk 0.64cvss 9.8epss 0.01

    A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions…

  • CVE-2020-7475CriMar 23, 2020
    risk 0.64cvss 9.8epss 0.02

    A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to…

  • CVE-2019-6808CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.08

    A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.

  • CVE-2018-7847CriMay 22, 2019
    risk 0.64cvss 9.8epss 0.04

    A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.

  • CVE-2021-22779CriJul 14, 2021
    risk 0.59cvss 9.1epss 0.01

    Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure…

  • CVE-2019-6848HigOct 29, 2019
    risk 0.59cvss 8.6epss 0.33

    A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending…

  • CVE-2022-45789HigJan 31, 2023
    risk 0.53cvss 8.1epss 0.01

    A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process…

  • CVE-2019-6851HigOct 29, 2019
    risk 0.51cvss 7.5epss 0.30

    A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.

  • CVE-2021-22786HigFeb 1, 2023
    risk 0.49cvss 7.5epss 0.01

    A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to…

  • CVE-2022-45788HigJan 30, 2023
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure…

  • CVE-2022-37301HigNov 22, 2022
    risk 0.49cvss 7.5epss 0.01

    A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon…

  • CVE-2021-22792HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all…

  • CVE-2020-7543HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially…

  • CVE-2020-7542HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially…

  • CVE-2020-7537HigDec 11, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially…

  • CVE-2019-6857HigJan 6, 2020
    risk 0.49cvss 7.5epss 0.02

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific…

  • CVE-2019-6856HigJan 6, 2020
    risk 0.49cvss 7.5epss 0.02

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory…

  • CVE-2018-7794HigJan 6, 2020
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using…

Page 1 of 3