Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Modicon_m580_firmware
(Schneider\-Electric)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-29 | CVE-2019-6844 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. | Modicon_140cra_firmware, Modicon_bmxcra_firmware, Modicon_m340_firmware, Modicon_m580_firmware | 4.9 | ||
| 2019-10-29 | CVE-2019-6845 | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. | Modicon_m340_firmware, Modicon_m580_firmware, Tsxmcpc002m_firmware, Tsxmcpc512k_firmware, Tsxmfp0128p2_firmware, Tsxmfp064p2_firmware, Tsxmfpp001m_firmware, Tsxmfpp002m_firmware, Tsxmfpp004m_firmware, Tsxmfpp224k_firmware, Tsxmfpp384k_firmware, Tsxmfpp512k_firmware, Tsxmrpc001m_firmware, Tsxmrpc002m_firmware, Tsxmrpc003m_firmware, Tsxmrpc007m_firmware, Tsxmrpc01m7_firmware, Tsxmrpc448k_firmware, Tsxmrpc768k_firmware, Tsxmrpf004m_firmware, Tsxmrpf008m_firmware, Tsxmrpp224k_firmware, Tsxmrpp384k_firmware | 7.5 | ||
| 2019-10-29 | CVE-2019-6846 | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. | Modicon_140cra_firmware, Modicon_bmxcra_firmware, Modicon_m340_firmware, Modicon_m580_firmware | 6.5 | ||
| 2019-10-29 | CVE-2019-6847 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol. | Modicon_140cra_firmware, Modicon_bmxcra_firmware, Modicon_m340_firmware, Modicon_m580_firmware | 4.9 | ||
| 2019-10-29 | CVE-2019-6851 | A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol. | Modicon_m340_firmware, Modicon_m580_firmware, Tsxmcpc002m_firmware, Tsxmcpc512k_firmware, Tsxmfp0128p2_firmware, Tsxmfp064p2_firmware, Tsxmfpp001m_firmware, Tsxmfpp002m_firmware, Tsxmfpp004m_firmware, Tsxmfpp224k_firmware, Tsxmfpp384k_firmware, Tsxmfpp512k_firmware, Tsxmrpc001m_firmware, Tsxmrpc002m_firmware, Tsxmrpc003m_firmware, Tsxmrpc007m_firmware, Tsxmrpc01m7_firmware, Tsxmrpc448k_firmware, Tsxmrpc768k_firmware, Tsxmrpf004m_firmware, Tsxmrpf008m_firmware, Tsxmrpp224k_firmware, Tsxmrpp384k_firmware | 7.5 | ||
| 2020-01-06 | CVE-2018-7794 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP. | 140cpu65150_firmware, 140cpu65160_firmware, 140cpu65160s_firmware, 140cpu65260_firmware, 140cpu65860_firmware, 140cpu67060_firmware, 140cpu67160_firmware, 140cpu67160s_firmware, 140cpu67260_firmware, 140cpu67261_firmware, 140cpu67861_firmware, Modicon_m340_firmware, Modicon_m580_firmware, Tsxh5724m_firmware, Tsxh5744m_firmware, Tsxp57104m_firmware, Tsxp57154m_firmware, Tsxp571634m_firmware, Tsxp57204m_firmware, Tsxp57254m_firmware, Tsxp572634m_firmware, Tsxp57304m_firmware, Tsxp57354m_firmware, Tsxp573634m_firmware, Tsxp57454m_firmware, Tsxp574634m_firmware, Tsxp57554m_firmware, Tsxp575634m_firmware, Tsxp576634m_firmware | 7.5 | ||
| 2020-03-23 | CVE-2020-7475 | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. | Ecostruxure_control_expert, Modicon_m340_firmware, Modicon_m580_firmware, Unity_pro | 9.8 | ||
| 2019-10-29 | CVE-2019-6848 | A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module. | Modicon_bmenoc_0311_firmware, Modicon_bmenoc_0321_firmware, Modicon_m580_firmware | 8.6 | ||
| 2019-10-29 | CVE-2019-6850 | A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. | Modicon_bmenoc_0311_firmware, Modicon_bmenoc_0321_firmware, Modicon_m580_firmware | N/A | ||
| 2019-10-29 | CVE-2019-6849 | A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module. | Modicon_bmenoc_0311_firmware, Modicon_bmenoc_0321_firmware, Modicon_m580_firmware | N/A |