2019-03-21
|
CVE-2015-6461
|
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.
|
Bmxnoc0401_firmware, Bmxnoe0100_firmware, Bmxnoe0110_firmware, Bmxnoe0110h_firmware, Bmxnor0200h_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302h_firmware, Modicon_m340_bmxp342030_firmware, Modicon_m340_bmxp342030h_firmware
|
5.4
|
|
|
2018-04-18
|
CVE-2018-7241
|
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
|
140cpu31110_firmware, 140cpu31110c_firmware, 140cpu43412u_firmware, 140cpu43412uc_firmware, 140cpu65150_firmware, 140cpu65150c_firmware, 140cpu65160_firmware, 140cpu65160c_firmware, 140cpu65160s_firmware, 140cpu65260_firmware, 140cpu65260c_firmware, 140cpu65860_firmware, 140cpu65860c_firmware, Bmxnor0200_firmware, Bmxnor0200h_firmware, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp341000h_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp3420102cl_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302cl_firmware, Modicon_m340_bmxp3420302h_firmware, Tsxh5724m_firmware, Tsxh5724mc_firmware, Tsxh5744m_firmware, Tsxh5744mc_firmware, Tsxp57104m_firmware, Tsxp57104mc_firmware, Tsxp57154m_firmware, Tsxp57154mc_firmware, Tsxp571634m_firmware, Tsxp571634mc_firmware, Tsxp57204m_firmware, Tsxp57204mc_firmware, Tsxp57254m_firmware, Tsxp57254mc_firmware, Tsxp572634m_firmware, Tsxp572634mc_firmware, Tsxp57304m_firmware, Tsxp57304mc_firmware, Tsxp57354m_firmware, Tsxp57354mc_firmware, Tsxp573634m_firmware, Tsxp573634mc_firmware, Tsxp57454m_firmware, Tsxp57454mc_firmware, Tsxp574634m_firmware, Tsxp574634mc_firmware, Tsxp57554m_firmware, Tsxp57554mc_firmware, Tsxp575634m_firmware, Tsxp575634mc_firmware, Tsxp576634m_firmware, Tsxp576634mc_firmware
|
9.8
|
|
|
2017-06-30
|
CVE-2017-6017
|
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.
|
Bmxnoc0401_firmware, Bmxnoe0100_firmware, Bmxnoe0110_firmware, Bmxnoe0110h_firmware, Bmxnor0200h_firmware, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp3420102cl_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302h_firmware, Modicon_m340_bmxp342030_firmware, Modicon_m340_bmxp342030h_firmware
|
7.5
|
|
|
2019-03-21
|
CVE-2015-6462
|
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
|
Bmxnoc0401_firmware, Bmxnoe0100_firmware, Bmxnoe0110_firmware, Bmxnoe0110h_firmware, Bmxnor0200h_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302h_firmware, Modicon_m340_bmxp342030_firmware, Modicon_m340_bmxp342030h_firmware
|
5.4
|
|
|
2018-04-18
|
CVE-2018-7759
|
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
|
140cpu31110_firmware, 140cpu31110c_firmware, 140cpu43412u_firmware, 140cpu43412uc_firmware, 140cpu65150_firmware, 140cpu65150c_firmware, 140cpu65160_firmware, 140cpu65160c_firmware, 140cpu65160s_firmware, 140cpu65260_firmware, 140cpu65260c_firmware, 140cpu65860_firmware, 140cpu65860c_firmware, Bmxnor0200_firmware, Bmxnor0200h_firmware, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp341000h_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp3420102cl_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302cl_firmware, Modicon_m340_bmxp3420302h_firmware, Tsxh5724m_firmware, Tsxh5724mc_firmware, Tsxh5744m_firmware, Tsxh5744mc_firmware, Tsxp57104m_firmware, Tsxp57104mc_firmware, Tsxp57154m_firmware, Tsxp57154mc_firmware, Tsxp571634m_firmware, Tsxp571634mc_firmware, Tsxp57204m_firmware, Tsxp57204mc_firmware, Tsxp57254m_firmware, Tsxp57254mc_firmware, Tsxp572634m_firmware, Tsxp572634mc_firmware, Tsxp57304m_firmware, Tsxp57304mc_firmware, Tsxp57354m_firmware, Tsxp57354mc_firmware, Tsxp573634m_firmware, Tsxp573634mc_firmware, Tsxp57454m_firmware, Tsxp57454mc_firmware, Tsxp574634m_firmware, Tsxp574634mc_firmware, Tsxp57554m_firmware, Tsxp57554mc_firmware, Tsxp575634m_firmware, Tsxp575634mc_firmware, Tsxp576634m_firmware, Tsxp576634mc_firmware
|
7.5
|
|
|
2018-04-18
|
CVE-2018-7760
|
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.
|
140cpu31110_firmware, 140cpu31110c_firmware, 140cpu43412u_firmware, 140cpu43412uc_firmware, 140cpu65150_firmware, 140cpu65150c_firmware, 140cpu65160_firmware, 140cpu65160c_firmware, 140cpu65160s_firmware, 140cpu65260_firmware, 140cpu65260c_firmware, 140cpu65860_firmware, 140cpu65860c_firmware, Bmxnor0200_firmware, Bmxnor0200h_firmware, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp341000h_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp3420102cl_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302cl_firmware, Modicon_m340_bmxp3420302h_firmware, Tsxh5724m_firmware, Tsxh5724mc_firmware, Tsxh5744m_firmware, Tsxh5744mc_firmware, Tsxp57104m_firmware, Tsxp57104mc_firmware, Tsxp57154m_firmware, Tsxp57154mc_firmware, Tsxp571634m_firmware, Tsxp571634mc_firmware, Tsxp57204m_firmware, Tsxp57204mc_firmware, Tsxp57254m_firmware, Tsxp57254mc_firmware, Tsxp572634m_firmware, Tsxp572634mc_firmware, Tsxp57304m_firmware, Tsxp57304mc_firmware, Tsxp57354m_firmware, Tsxp57354mc_firmware, Tsxp573634m_firmware, Tsxp573634mc_firmware, Tsxp57454m_firmware, Tsxp57454mc_firmware, Tsxp574634m_firmware, Tsxp574634mc_firmware, Tsxp57554m_firmware, Tsxp57554mc_firmware, Tsxp575634m_firmware, Tsxp575634mc_firmware, Tsxp576634m_firmware, Tsxp576634mc_firmware
|
9.8
|
|
|
2018-04-18
|
CVE-2018-7761
|
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
|
140cpu31110_firmware, 140cpu31110c_firmware, 140cpu43412u_firmware, 140cpu43412uc_firmware, 140cpu65150_firmware, 140cpu65150c_firmware, 140cpu65160_firmware, 140cpu65160c_firmware, 140cpu65160s_firmware, 140cpu65260_firmware, 140cpu65260c_firmware, 140cpu65860_firmware, 140cpu65860c_firmware, Bmxnor0200_firmware, Bmxnor0200h_firmware, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp341000h_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp3420102cl_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302cl_firmware, Modicon_m340_bmxp3420302h_firmware, Tsxh5724m_firmware, Tsxh5724mc_firmware, Tsxh5744m_firmware, Tsxh5744mc_firmware, Tsxp57104m_firmware, Tsxp57104mc_firmware, Tsxp57154m_firmware, Tsxp57154mc_firmware, Tsxp571634m_firmware, Tsxp571634mc_firmware, Tsxp57204m_firmware, Tsxp57204mc_firmware, Tsxp57254m_firmware, Tsxp57254mc_firmware, Tsxp572634m_firmware, Tsxp572634mc_firmware, Tsxp57304m_firmware, Tsxp57304mc_firmware, Tsxp57354m_firmware, Tsxp57354mc_firmware, Tsxp573634m_firmware, Tsxp573634mc_firmware, Tsxp57454m_firmware, Tsxp57454mc_firmware, Tsxp574634m_firmware, Tsxp574634mc_firmware, Tsxp57554m_firmware, Tsxp57554mc_firmware, Tsxp575634m_firmware, Tsxp575634mc_firmware, Tsxp576634m_firmware, Tsxp576634mc_firmware
|
9.8
|
|
|
2018-04-18
|
CVE-2018-7762
|
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
|
140cpu31110_firmware, 140cpu31110c_firmware, 140cpu43412u_firmware, 140cpu43412uc_firmware, 140cpu65150_firmware, 140cpu65150c_firmware, 140cpu65160_firmware, 140cpu65160c_firmware, 140cpu65160s_firmware, 140cpu65260_firmware, 140cpu65260c_firmware, 140cpu65860_firmware, 140cpu65860c_firmware, Bmxnor0200_firmware, Bmxnor0200h_firmware, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp341000h_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp3420102cl_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302cl_firmware, Modicon_m340_bmxp3420302h_firmware, Tsxh5724m_firmware, Tsxh5724mc_firmware, Tsxh5744m_firmware, Tsxh5744mc_firmware, Tsxp57104m_firmware, Tsxp57104mc_firmware, Tsxp57154m_firmware, Tsxp57154mc_firmware, Tsxp571634m_firmware, Tsxp571634mc_firmware, Tsxp57204m_firmware, Tsxp57204mc_firmware, Tsxp57254m_firmware, Tsxp57254mc_firmware, Tsxp572634m_firmware, Tsxp572634mc_firmware, Tsxp57304m_firmware, Tsxp57304mc_firmware, Tsxp57354m_firmware, Tsxp57354mc_firmware, Tsxp573634m_firmware, Tsxp573634mc_firmware, Tsxp57454m_firmware, Tsxp57454mc_firmware, Tsxp574634m_firmware, Tsxp574634mc_firmware, Tsxp57554m_firmware, Tsxp57554mc_firmware, Tsxp575634m_firmware, Tsxp575634mc_firmware, Tsxp576634m_firmware, Tsxp576634mc_firmware
|
7.5
|
|
|
2014-10-03
|
CVE-2014-0754
|
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
|
171ccc96020_firmware, 171ccc96020c_firmware, 171ccc96030_firmware, 171ccc96030c_firmware, 171ccc98020_firmware, 171ccc98030_firmware, Modicon_m340_bmxnoc0401_firmware, Modicon_m340_bmxnoe0100_firmware, Modicon_m340_bmxnoe0110_firmware, Modicon_m340_bmxnoe0110h_firmware, Modicon_m340_bmxnor0200h_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp342020h_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m340_bmxp3420302h_firmware, Modicon_m340_bmxp342030_firmware, Modicon_m340_bmxp342030h_firmware, Modicon_m580_bmxnoc0402_firmware, Stbnic2212_firmware, Stbnip2212_firmware, Tsxetc0101_firmware, Tsxetc100_firmware, Tsxety110ws_firmware, Tsxety110wsc_firmware, Tsxety4103_firmware, Tsxety4103c_firmware, Tsxety5103_firmware, Tsxety5103c_firmware, Tsxetz410_firmware, Tsxetz510_firmware, Tsxntp100_firmware, Tsxp571634m_firmware, Tsxp572634m_firmware, Tsxp573623mc_firmware, Tsxp573634m_firmware, Tsxp574634m_firmware, Tsxp574823am_firmware, Tsxp574823m_firmware, Tsxp574823mc_firmware, Tsxp575634m_firmware, Tsxp576634m_firmware, Tsxwmy100_firmware, Tsxwmy100c_firmware
|
N/A
|
|
|
2020-01-06
|
CVE-2019-6855
|
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers.
|
Ecostruxure_control_expert, Modicon_m340_bmxp341000_firmware, Modicon_m340_bmxp342000_firmware, Modicon_m340_bmxp3420102_firmware, Modicon_m340_bmxp342020_firmware, Modicon_m340_bmxp3420302_firmware, Modicon_m580_bmeh582040_firmware, Modicon_m580_bmeh584040_firmware, Modicon_m580_bmeh584040s_firmware, Modicon_m580_bmeh586040_firmware, Modicon_m580_bmeh586040s_firmware, Modicon_m580_bmep581020_firmware, Modicon_m580_bmep582020_firmware, Modicon_m580_bmep582040_firmware, Modicon_m580_bmep582040s_firmware, Modicon_m580_bmep583020_firmware, Modicon_m580_bmep583040_firmware, Modicon_m580_bmep584020_firmware, Modicon_m580_bmep584040_firmware, Modicon_m580_bmep584040s_firmware, Modicon_m580_bmep585040_firmware, Modicon_m580_bmep586040_firmware, Unity_pro
|
7.3
|
|
|