VYPR

Modicon M580 CPU

by Schneider Electric

CVEs (54)

  • CVE-2019-6855HigJan 6, 2020
    risk 0.48cvss 7.3epss 0.01

    Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the…

  • CVE-2021-22791MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions),…

  • CVE-2021-22790MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions),…

  • CVE-2021-22789MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580…

  • CVE-2019-6846MedOct 29, 2019
    risk 0.42cvss 6.5epss 0.01

    A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.

  • CVE-2019-6821MedMay 22, 2019
    risk 0.42cvss 6.5epss 0.02

    CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

  • CVE-2018-7851MedMay 22, 2019
    risk 0.42cvss 6.5epss 0.01

    CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus…

  • CVE-2019-6830MedSep 17, 2019
    risk 0.38cvss 5.9epss 0.01

    A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.

  • CVE-2018-7850MedMay 22, 2019
    risk 0.35cvss 5.3epss 0.02

    A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.

  • CVE-2019-6841MedOct 29, 2019
    risk 0.34cvss 4.9epss 0.24

    A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack…

  • CVE-2019-6847MedOct 29, 2019
    risk 0.32cvss 4.9epss 0.01

    A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version…

  • CVE-2019-6844MedOct 29, 2019
    risk 0.32cvss 4.9epss 0.01

    A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package…

  • CVE-2019-6843MedOct 29, 2019
    risk 0.32cvss 4.9epss 0.01

    A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack…

  • CVE-2019-6842MedOct 29, 2019
    risk 0.32cvss 4.9epss 0.01

    A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server…

Page 3 of 3