VYPR

Modicon M340

by Schneider Electric

CVEs (72)

  • CVE-2018-7853May 22, 2019
    risk 0.00cvss epss 0.02

    A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus

  • CVE-2018-7845May 22, 2019
    risk 0.00cvss epss 0.03

    A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.

  • CVE-2018-7850May 22, 2019
    risk 0.00cvss epss 0.02

    A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.

  • CVE-2018-7851May 22, 2019
    risk 0.00cvss epss 0.01

    CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus…

  • CVE-2019-6821May 22, 2019
    risk 0.00cvss epss 0.02

    CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

  • CVE-2018-7812Dec 17, 2018
    risk 0.00cvss epss 0.04

    An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the…

  • CVE-2018-7804Dec 17, 2018
    risk 0.00cvss epss 0.01

    A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.

  • CVE-2018-7811Nov 30, 2018
    risk 0.00cvss epss 0.04

    An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server

  • CVE-2018-7809Nov 30, 2018
    risk 0.00cvss epss 0.02

    An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

  • CVE-2018-7810Nov 30, 2018
    risk 0.00cvss epss 0.01

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed…

  • CVE-2013-2761Apr 4, 2013
    risk 0.00cvss epss 0.01

    The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client.

  • CVE-2013-0664Apr 4, 2013
    risk 0.00cvss epss 0.04

    The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP…

Page 4 of 4