VYPR

Modicon M340 Bmxp341000

by Schneider Electric

CVEs (6)

  • CVE-2021-22788HigFeb 11, 2022
    risk 0.49cvss 7.5epss 0.01

    A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet…

  • CVE-2021-22792HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.01

    A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all…

  • CVE-2021-22791MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions),…

  • CVE-2021-22790MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions),…

  • CVE-2021-22789MedSep 2, 2021
    risk 0.42cvss 6.5epss 0.01

    A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580…

  • CVE-2015-7937Dec 21, 2015
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.