VYPR
Vendor

Modicon

Products
11
CVEs
10
Across products
16
Status
Private

Products

11

Recent CVEs

10
  • CVE-2021-22731CriMay 26, 2021
    risk 0.64cvss 9.8epss 0.01

    Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.

  • CVE-2019-6816CriMay 22, 2019
    risk 0.59cvss 9.1epss 0.01

    In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

  • CVE-2019-6815CriMay 22, 2019
    risk 0.59cvss 9.1epss 0.01

    In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol.

  • CVE-2019-6820HigMay 22, 2019
    risk 0.53cvss 8.2epss 0.01

    A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200,…

  • CVE-2022-22724HigFeb 4, 2022
    risk 0.49cvss 7.5epss 0.01

    A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All…

  • CVE-2019-6829HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.02

    A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.

  • CVE-2019-6811HigSep 17, 2019
    risk 0.49cvss 7.5epss 0.01

    An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module…

  • CVE-2018-7830HigNov 30, 2018
    risk 0.49cvss 7.5epss 0.02

    Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP…

  • CVE-2018-7788MedMay 22, 2019
    risk 0.42cvss 6.5epss 0.01

    A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40. which could cause a Denial Of Service when using a Telnet connection.

  • CVE-2020-28214MedDec 11, 2020
    risk 0.36cvss 5.5epss 0.01

    A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection…