VYPR

Modicon MC80

by Schneider Electric

CVEs (9)

  • CVE-2023-25619HigApr 19, 2023
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

  • CVE-2021-22786HigFeb 1, 2023
    risk 0.49cvss 7.5epss 0.01

    A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to…

  • CVE-2022-45788HigJan 30, 2023
    risk 0.49cvss 7.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure…

  • CVE-2022-37301HigNov 22, 2022
    risk 0.49cvss 7.5epss 0.01

    A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon…

  • CVE-2021-22792HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all…

  • CVE-2023-25620MedApr 19, 2023
    risk 0.42cvss 6.5epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.

  • CVE-2021-22791MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions),…

  • CVE-2021-22790MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions),…

  • CVE-2021-22789MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580…