Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7536

Summary
Assigner-schneider
Assigner Org ID-076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At-11 Dec, 2020 | 00:46
Updated At-04 Aug, 2024 | 09:33
Rejected At-
Credits

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:schneider
Assigner Org ID:076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At:11 Dec, 2020 | 00:46
Updated At:04 Aug, 2024 | 09:33
Rejected At:
▼CVE Numbering Authority (CNA)

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

Affected Products
Vendor
n/a
Product
Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)
Versions
Affected
  • Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)
Problem Types
TypeCWE IDDescription
CWECWE-754CWE-754: Improper Check for Unusual or Exceptional Conditions
Type: CWE
CWE ID: CWE-754
Description: CWE-754: Improper Check for Unusual or Exceptional Conditions
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.cse.iitk.ac.in/responsible-disclosure
x_refsource_MISC
https://www.se.com/ww/en/download/document/SEVD-2020-343-07/
x_refsource_CONFIRM
Hyperlink: https://security.cse.iitk.ac.in/responsible-disclosure
Resource:
x_refsource_MISC
Hyperlink: https://www.se.com/ww/en/download/document/SEVD-2020-343-07/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.cse.iitk.ac.in/responsible-disclosure
x_refsource_MISC
x_transferred
https://www.se.com/ww/en/download/document/SEVD-2020-343-07/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.cse.iitk.ac.in/responsible-disclosure
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.se.com/ww/en/download/document/SEVD-2020-343-07/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@se.com
Published At:11 Dec, 2020 | 01:15
Updated At:10 Apr, 2024 | 12:28

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp341000_firmware>>Versions before 3.30(exclusive)
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp341000>>-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp342000_firmware>>Versions before 3.30(exclusive)
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp342000>>-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp3420102_firmware>>Versions before 3.30(exclusive)
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp3420102>>-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp3420102cl_firmware>>Versions before 3.30(exclusive)
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp3420102cl>>-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp342020_firmware>>Versions before 3.30(exclusive)
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp342020>>-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp3420302_firmware>>Versions before 3.30(exclusive)
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp3420302>>-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp3420302cl_firmware>>Versions before 3.30(exclusive)
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>modicon_m340_bmxp3420302cl>>-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>bmxnoe0100_firmware>>Versions before 3.4(exclusive)
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>bmxnoe0100>>-
cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>bmxnoe0110_firmware>>Versions before 6.6(exclusive)
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>bmxnoe0110>>-
cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>bmxnor0200h_firmware>>*
cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>bmxnor0200h>>-
cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-754Primarycybersecurity@se.com
CWE ID: CWE-754
Type: Primary
Source: cybersecurity@se.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.cse.iitk.ac.in/responsible-disclosurecybersecurity@se.com
Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-343-07/cybersecurity@se.com
Vendor Advisory
Hyperlink: https://security.cse.iitk.ac.in/responsible-disclosure
Source: cybersecurity@se.com
Resource:
Vendor Advisory
Hyperlink: https://www.se.com/ww/en/download/document/SEVD-2020-343-07/
Source: cybersecurity@se.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

181Records found
CVE-2018-7789
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.39%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 20:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames.

Action-Not Available
Vendor-
Product-modicon_m221_firmwaremodicon_m221Modicon M221, all references, all versions prior to firmware V1.6.2.0
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7794
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 22:57
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Action-Not Available
Vendor-
Product-140cpu67260_firmware140cpu67261_firmwaretsxp573634m140cpu65150tsxp571634m140cpu67861modicon_m580_firmwaretsxh5744m_firmwaretsxh5744m140cpu65160_firmware140cpu67160s_firmware140cpu65160s_firmware140cpu67160_firmware140cpu65860_firmwaretsxp574634m_firmwaretsxp575634mmodicon_m580140cpu65860tsxp575634m_firmwaretsxh5724m_firmware140cpu65160tsxp573634m_firmwaretsxp57454m_firmware140cpu67160140cpu67861_firmwaretsxp57254m_firmwaretsxp57304mtsxp572634mtsxp574634mtsxh5724mtsxp57304m_firmwaretsxp57204m_140cpu67261140cpu67060_firmwaretsxp576634m_firmware140cpu65160s140cpu65260_firmware140cpu67160stsxp57154m_firmwaretsxp57154mtsxp576634mtsxp57454mmodicon_m340tsxp57254mtsxp57554mtsxp572634m_firmwaretsxp57104m_firmware140cpu67260tsxp57104mtsxp57354mtsxp57354m_firmware140cpu65150_firmwaretsxp57204m_firmwaretsxp57554m_firmware140cpu65260140cpu67060tsxp571634m_firmwaremodicon_m340_firmwareModicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7854
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-1.91% / 82.54%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:02
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7855
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:03
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7857
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:04
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7853
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:02
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7856
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:03
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2021-22816
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:09
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior

Action-Not Available
Vendor-n/a
Product-scadapack_337e_firmwarescadapack_313escadapack_330e_firmwarescadapack_314escadapack_357escadapack_350escadapack_350e_firmwarescadapack_313e_firmwarescadapack_334e_firmwarescadapack_314e_firmwarescadapack_330escadapack_312escadapack_334escadapack_333escadapack_333e_firmwarescadapack_357e_firmwarescadapack_337escadapack_312e_firmwaren/a
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7537
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:51
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Action-Not Available
Vendor-n/a
Product-modicon_m580_bmep582040_firmwaretsxp575634_firmwaretsxp574634modicon_m580_bmep583040_firmwaremodicon_m340_bmxp3420102clmodicon_m340_bmxp3420302_firmwaremodicon_m580_bmep583020modicon_m580_bmep586040modicon_m580_bmep584040modicon_m340_bmxp342000modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp3420302cl_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m340_bmxp3420102cl_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep583040tsxp574634_firmwaremodicon_m580_bmep582040modicon_m580_bmep585040modicon_m580_bmep584020_firmwaremodicon_m340_bmxp3420302clmodicon_m340_bmxp3420302modicon_m580_bmep584020modicon_m340_bmxp342020tsxp576634modicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwaremodicon_m580_bmep581020modicon_m580_bmep582020_firmwaretsxp576634_firmwaremodicon_m340_bmxp342000_firmwaremodicon_m340_bmxp3420102tsxp575634modicon_m580_bmep586040_firmwareModicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7477
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 19:14
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus.

Action-Not Available
Vendor-n/a
Product-140cpu67260_firmware140cpu67261_firmwaretsxp573634m140cpu65150tsxp571634m140cpu67861tsxh5744m_firmwaretsxh5744m140cpu65160_firmware140cpu67160s_firmware140cpu65160s_firmware140cpu67160_firmware140cpu65860_firmwaretsxp574634m_firmwaretsxp575634m140cpu65860tsxp575634m_firmwaretsxh5724m_firmware140cpu65160tsxp573634m_firmware140noe77111_firmwaretsxp57454m_firmware140cpu67160140cpu67861_firmwaretsxp57254m_firmwaretsxp57304mtsxp572634mtsxp574634mtsxh5724m140noe77101tsxp57304m_firmwaretsxp57204m_140cpu67261140cpu67060_firmwaretsxp576634m_firmware140cpu65160s140noe77111140cpu65260_firmware140cpu67160stsxp576634m_tsxp57154m_firmwaretsxp57154m140noe77101_firmwaretsxp57454mtsxp57254mtsxp57554mtsxp572634m_firmwaretsxp57104m_firmware140cpu67260tsxp57104m140cpu65150_firmwaretsxp57204m_firmwaretsxp57554m_firmware140cpu65260140cpu67060tsxp571634m_firmwareModicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7538
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.46% / 62.98%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:04
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

Action-Not Available
Vendor-n/a
Product-ecostruxure_control_expertPLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7542
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:52
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Action-Not Available
Vendor-n/a
Product-modicon_m580_bmep582040_firmware140cpu65150tsxp575634_firmwaretsxp574634modicon_m580_bmep583040_firmwaremodicon_m340_bmxp3420102clmodicon_m340_bmxp3420302_firmwaremodicon_m580_bmep583020modicon_m580_bmep586040modicon_m580_bmep584040modicon_m340_bmxp342000modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp3420302cl_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m340_bmxp3420102cl_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep583040tsxp574634_firmwaremodicon_m580_bmep582040modicon_m580_bmep585040modicon_m580_bmep584020_firmwaremodicon_m340_bmxp3420302clmodicon_m340_bmxp3420302modicon_m580_bmep584020modicon_m340_bmxp342020tsxp576634modicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwaremodicon_m580_bmep581020modicon_m580_bmep582020_firmwaretsxp576634_firmwaremodicon_m340_bmxp342000_firmware140cpu65150_firmwaremodicon_m340_bmxp3420102tsxp575634modicon_m580_bmep586040_firmwareModicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-24321
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.46% / 62.98%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

Action-Not Available
Vendor-n/a
Product-clearscadaecostruxure_geo_scada_expert_2020ecostruxure_geo_scada_expert_2019ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6857
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.90%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 22:57
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

Action-Not Available
Vendor-
Product-140cpu67260_firmware140cpu67261_firmwaretsxp573634m140cpu65150tsxp571634m140cpu67861modicon_m580_firmwaretsxh5744m_firmwaretsxh5744m140cpu65160_firmware140cpu67160s_firmware140cpu65160s_firmware140cpu67160_firmware140cpu65860_firmwaretsxp574634m_firmwaretsxp575634mmodicon_m580140cpu65860tsxp575634m_firmwaretsxh5724m_firmware140cpu65160tsxp573634m_firmwaretsxp57454m_firmware140cpu67160140cpu67861_firmwaretsxp57254m_firmwaretsxp57304mtsxp572634mtsxp574634mtsxh5724mtsxp57304m_firmwaretsxp57204m_140cpu67261140cpu67060_firmwaretsxp576634m_firmware140cpu65160s140cpu65260_firmware140cpu67160stsxp576634m_tsxp57154m_firmwaretsxp57154mtsxp57454mmodicon_m340tsxp57254mtsxp57554mtsxp572634m_firmwaretsxp57104m_firmware140cpu67260tsxp57104mtsxp57354mtsxp57354m_firmware140cpu65150_firmwaretsxp57204m_firmwaretsxp57554m_firmware140cpu65260140cpu67060tsxp571634m_firmwaremodicon_m340_firmwareModicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6856
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.90%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 22:57
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

Action-Not Available
Vendor-
Product-140cpu67260_firmware140cpu67261_firmwaretsxp573634m140cpu65150tsxp571634m140cpu67861modicon_m580_firmwaretsxh5744m_firmwaretsxh5744m140cpu65160_firmware140cpu67160s_firmware140cpu65160s_firmware140cpu67160_firmware140cpu65860_firmwaretsxp574634m_firmwaretsxp575634mmodicon_m580140cpu65860tsxp575634m_firmwaretsxh5724m_firmware140cpu65160tsxp573634m_firmwaretsxp57454m_firmware140cpu67160140cpu67861_firmwaretsxp57254m_firmwaretsxp57304mtsxp572634mtsxp574634mtsxh5724mtsxp57304m_firmwaretsxp57204m_140cpu67261140cpu67060_firmwaretsxp576634m_firmware140cpu65160s140cpu65260_firmware140cpu67160stsxp576634m_tsxp57154m_firmwaretsxp57154mtsxp57454mmodicon_m340tsxp57254mtsxp57554mtsxp572634m_firmwaretsxp57104m_firmware140cpu67260tsxp57104mtsxp57354mtsxp57354m_firmware140cpu65150_firmwaretsxp57204m_firmwaretsxp57554m_firmware140cpu65260140cpu67060tsxp571634m_firmwaremodicon_m340_firmwareModicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6819
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.52%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:45
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.

Action-Not Available
Vendor-n/a
Product-bmeh584040cmodicon_quantum_firmwaremodicon_m580_firmwarebmeh584040bmeh582040cmodicon_premium_firmwaremodicon_m340_bmxp3420102clmodicon_m580_bmep583020modicon_m580_bmep586040modicon_m340_bmxp342000modicon_m580_bmep584040modicon_m580_bmep582020modicon_m340_bmxp341000modicon_m340_bmxp3420302hmodicon_m580_bmep585040cmodicon_m580_bmep584040smodicon_m580_bmep583040modicon_m340_bmxp341000hmodicon_m580_bmep582040modicon_m580_bmep585040modicon_m340_bmxp3420302clmodicon_m580_bmep582040hbmeh586040modicon_m340_bmxp3420302modicon_premiummodicon_m580_bmep584020modicon_m340_bmxp342020modicon_m580_bmep582040smodicon_quantummodicon_m340_bmxp342020hmodicon_m580_bmep581020modicon_m580_bmep586040cbmeh586040cmodicon_m580_bmep581020hmodicon_m580_bmep582020hbmeh582040modicon_m340_bmxp3420102modicon_m340_firmwareModicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-25619
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.38%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 07:53
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

Action-Not Available
Vendor-Schneider Electric SE
Product-modicon_m340_firmwaremodicon_m340bmep58s_firmwaretsxp57_firmwaretsxp57bmep58sbmeh58smodicon_momentum_unity_m1e_processormodicon_momentum_unity_m1e_processor_firmwaremodicon_m580modicon_mc80bmeh58s_firmwaremodicon_mc80_firmwaremodicon_m580_firmwareModicon MC80 (BMKC80)Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)Modicon Momentum Unity M1E Processor (171CBU*)Modicon M580 CPU (part numbers BMEP* and BMEH*)Legacy Modicon Premium CPUs (TSXP57*)Legacy Modicon Quantum (140CPU65*)Modicon M340 CPU (part numbers BMXP34*)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7539
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.23%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:51
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.

Action-Not Available
Vendor-n/a
Product-140noc78100140cpu65150140noc78000_firmwaretsxp575634_firmware140noc78000bmxnoe0110_firmwaretsxp574634modicon_m340_bmxp3420102clmodicon_m340_bmxp3420302_firmware140noc78100_firmwaremodicon_m340_bmxp342000modicon_m340_bmxp3420302cl_firmwaremodicon_m340_bmxp341000140noe77111_firmwaremodicon_m340_bmxp342020_firmware140noc77101_firmwaremodicon_m340_bmxp3420102_firmware140noc77101bmxnoe0110tsxety5103_firmwaremodicon_m340_bmxp3420102cl_firmwaretsxety5103tsxp574634_firmwarebmxnoc0401_firmware140noe77111modicon_m340_bmxp3420302clmodicon_m340_bmxp3420302modicon_m340_bmxp342020bmxnoe0100_firmwaretsxp576634modicon_m340_bmxp341000_firmwaretsxety4103_firmwarebmxnoc0401tsxp576634_firmwaremodicon_m340_bmxp342000_firmwarebmxnoe0100140cpu65150_firmwaremodicon_m340_bmxp3420102tsxety4103tsxp575634Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7543
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:52
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Action-Not Available
Vendor-n/a
Product-modicon_m580_bmep582040_firmwaremodicon_m580_bmep583040_firmwaremodicon_m340_bmxp3420102clmodicon_m340_bmxp3420302_firmwaremodicon_m580_bmep583020modicon_m580_bmep586040modicon_m580_bmep584040modicon_m340_bmxp342000modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp3420302cl_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m340_bmxp3420102cl_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep583040modicon_m580_bmep582040modicon_m580_bmep585040modicon_m580_bmep584020_firmwaremodicon_m340_bmxp3420302clmodicon_m340_bmxp3420302modicon_m580_bmep584020modicon_m340_bmxp342020modicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwaremodicon_m580_bmep581020modicon_m580_bmep582020_firmwaremodicon_m340_bmxp342000_firmwaremodicon_m340_bmxp3420102modicon_m580_bmep586040_firmwareModicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6813
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.36%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:56
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.

Action-Not Available
Vendor-
Product-bmxnor0200h_firmwarebmxnor0200hmodicon_m340modicon_m340_firmwareBMXNOR0200H Ethernet / Serial RTU moduleModicon M340 controller
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6811
Matching Score-10
Assigner-Schneider Electric
ShareView Details
Matching Score-10
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:55
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.

Action-Not Available
Vendor-
Product-modicon_quantum_140noe77101modicon_quantum_140noe77111_firmwaremodicon_quantum_140noe77111modicon_quantum_140noe77101_firmwareModicon Quantum 140 NOE771x1
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-7852
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-14.76% / 94.24%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:01
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2018-7843
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-14.76% / 94.24%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:58
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-7821
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:36
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.

Action-Not Available
Vendor-n/a
Product-somachine_basicmodicon_m221_firmwaremodicon_m221SoMachine Basic and Modicon M221, SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-7849
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-14.76% / 94.24%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:58
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2018-7838
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 20:49
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.

Action-Not Available
Vendor-
Product-bmeh584040cmodicon_m580_bmep582040_firmwarebmeh582040_firmwarebmeh584040bmeh582040cmodicon_m580_bmep583040_firmwaremodicon_m580_bmep583020modicon_m580_bmep586040modicon_m580_bmep584040modicon_m580_bmep582020modicon_m580_bmep583020_firmwarebmeh586040_firmwaremodicon_m580_bmep585040_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep585040cmodicon_m580_bmep584040smodicon_m580_bmep583040modicon_m580_bmep582040modicon_m580_bmep584020_firmwaremodicon_m580_bmep585040modicon_m580_bmep582040hbmeh586040modicon_m580_bmep584020modicon_m580_bmep582040s_firmwaremodicon_m580_bmep582040smodicon_m580_bmep581020_firmwaremodicon_m580_bmep581020modicon_m580_bmep586040cbmenoc0301_firmwarebmeh586040cmodicon_m580_bmep582020_firmwaremodicon_m580_bmep581020hmodicon_m580_bmep582020hbmeh582040bmenoc0301modicon_m580_bmep586040_firmwareModicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-30063
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.96%
||
7 Day CHG~0.00%
Published-03 Apr, 2022 | 21:52
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

Action-Not Available
Vendor-beldenn/a
Product-tofino_argon_fa-tsa-220-mm\/txeagle_20_tofino_943_987-504-mm\/txtcsefm0000_firmwaretofino_argon_fa-tsa-220-tx\/txeagle_20_tofino_943_987-502_-tx\/mm_firmwareeagle_20_tofino_943_987-501-tx\/txtofino_argon_fa-tsa-220-mm\/tx_firmwaretofino_argon_fa-tsa-100-tx\/txtofino_xenon_security_appliance_firmwareeagle_20_tofino_943_987-501-tx\/tx_firmwaretcsefm0000tofino_argon_fa-tsa-220-tx\/mm_firmwaretofino_xenon_security_appliancetofino_argon_fa-tsa-100-tx\/tx_firmwareeagle_20_tofino_943_987-502_-tx\/mmtofino_argon_fa-tsa-220-tx\/tx_firmwaretofino_argon_fa-tsa-220-tx\/mmeagle_20_tofino_943_987-505-mm\/mmeagle_20_tofino_943_987-505-mm\/mm_firmwaretofino_argon_fa-tsa-220-mm\/mmeagle_20_tofino_943_987-504-mm\/tx_firmwaretofino_argon_fa-tsa-220-mm\/mm_firmwaren/a
CVE-2021-22792
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.06%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 16:53
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).

Action-Not Available
Vendor-n/a
Product-modicon_m580_bmeh582040modicon_premium_tsxp57_454mmodicon_mc80_bmkc8030311modicon_quantum_140cpu65160modicon_momentum_171cbu98090modicon_premium_tsxp57_1634mmodicon_m580_bmeh582040smodicon_m340_bmxp342010modicon_m580_bmep583020modicon_m580_bmeh584040smodicon_m580_bmeh586040smodicon_m580_bmep586040modicon_mc80_bmkc8020310modicon_m580_bmeh586040modicon_m580_bmep584040modicon_m580_bmep582020modicon_premium_tsxp57_2634mmodicon_quantum_140cpu65160cmodicon_m340_bmxp341000plc_simulator_for_ecostruxure_process_expertmodicon_quantum_140cpu65150cmodicon_quantum_140cpu65150modicon_m580_bmep585040cmodicon_m580_bmep584040smodicon_m580_bmeh582040cmodicon_m580_bmep583040modicon_m580_bmep582040modicon_m580_bmep585040modicon_m580_bmeh584040modicon_premium_tsxp57_4634mmodicon_m580_bmep582040hmodicon_momentum_171cbu78090modicon_premium_tsxp57_5634mmodicon_premium_tsxp57_554mmodicon_m580_bmep584020modicon_mc80_bmkc8020301modicon_m340_bmxp342020modicon_m580_bmep582040smodicon_premium_tsxp57_2834mplc_simulator_for_ecostruxure_control_expertmodicon_m580_bmep581020modicon_m580_bmep586040cmodicon_m580_bmeh586040cmodicon_momentum_171cbu98091modicon_m580_bmep581020hmodicon_m580_bmep582020hmodicon_m580_bmeh584040cmodicon_m340_bmxp342030modicon_premium_tsxp57_6634mModicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions)
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-0789
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.59%
||
7 Day CHG~0.00%
Published-04 Apr, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-opc_factory_server_tlxcdluofsopc_factory_server_tlxcdsuofsopc_factory_server_tlxcdlfofsopc_factory_server_tlxcdstofsopc_factory_server_tlxcdltofsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-22699
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.00%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:19
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.

Action-Not Available
Vendor-n/a
Product-modicon_m241modicon_m241_firmwaremodicon_m251_firmwaremodicon_m251Modicon M241/M251 logic controllers firmware prior to V5.1.9.1
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22788
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.03%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

Action-Not Available
Vendor-n/a
Product-tsxp575634140noc78x00_firmware140noe771x1tsxety5103140cpu65150tsxp574634_firmwarebmxnoc0401_firmwaretsxp575634_firmwarebmxnoe0110_firmware140noe771x1_firmwaretsxp574634tsxp576634modicon_m340_bmxp342020bmxnoe0100_firmwaretsxety4103_firmwarebmxnoc0401tsxp576634_firmwarebmxnor0200h_rtumodicon_m340_bmxp342020_firmware140noc77101_firmwarebmxnoe0100140cpu65150_firmwarebmxnor0200h_rtu_firmwaretsxety4103140noc77101bmxnoe0110140noc78x00tsxety5103_firmwareModicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-9631
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.33%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable).

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-wonderware_archestra_loggerSchneider Electric Wonderware ArchestrA Logger
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-2824
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.16%
||
7 Day CHG~0.00%
Published-26 Feb, 2014 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogic SCADA 7.20 through 7.20SR1 do not properly handle exceptions, which allows remote attackers to cause a denial of service via a crafted packet.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-citectscadastruxureware_powerscada_expertstruxureware_scada_expert_vijeo_citectpowerlogic_scadan/a
CVE-2017-6017
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-6.14% / 90.44%
||
7 Day CHG~0.00%
Published-30 Jun, 2017 | 02:35
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-bmxnoe0110_firmwarebmxnoe0110h_firmwaremodicon_m340_bmxp3420302_firmwaremodicon_m340_bmxp3420102modicon_m340_bmxp341000bmxnoe0110bmxnoe0110hmodicon_m340_bmxp3420102cl_firmwaremodicon_m340_bmxp342020_firmwarebmxnoc0401_firmwaremodicon_m340_bmxp3420302hbmxnoe0100_firmwaremodicon_m340_bmxp342000_firmwaremodicon_m340_bmxp342020h_firmwaremodicon_m340_bmxp342020modicon_m340_bmxp3420102clbmxnoc0401modicon_m340_bmxp342030h_firmwaremodicon_m340_bmxp3420302modicon_m340_bmxp342030_firmwarebmxnor0200h_firmwaremodicon_m340_bmxp342000modicon_m340_bmxp342030hmodicon_m340_bmxp3420102_firmwaremodicon_m340_bmxp342020hbmxnoe0100modicon_m340_bmxp342030modicon_m340_bmxp3420302h_firmwarebmxnor0200hmodicon_m340_bmxp341000_firmwareSchneider Electric Modicon M340 PLC
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-9409
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.7||HIGH
EPSS-0.23% / 46.10%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 04:29
Updated-19 Nov, 2024 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network.

Action-Not Available
Vendor-
Product-powerlogic_pm5340powerlogic_pm5320_firmwarepowerlogic_pm5341powerlogic_pm5341_firmwarepowerlogic_pm5320powerlogic_pm5340_firmwarePowerLogic PM5320PowerLogic PM5340PowerLogic PM5341powerlogic_pm5340powerlogic_pm5341powerlogic_pm5320
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-6918
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.81%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 12:11
Updated-03 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP.

Action-Not Available
Vendor-
Product-Accutech Manageraccutech_manager
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-6019
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-24.16% / 95.85%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-conext_combox_865-1058conext_combox_865-1058_firmwareSchneider Electric Conext ComBox
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-34764
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-5.9||MEDIUM
EPSS-0.59% / 68.18%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:11
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Action-Not Available
Vendor-
Product-opc_ua_module_for_m580opc_ua_module_for_m580_firmwarex80_advanced_rtu_module_firmwarex80_advanced_rtu_moduleOPC UA Modicon Communication ModuleX80 advanced RTU Communication Module
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-34761
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.75%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:10
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Action-Not Available
Vendor-
Product-opc_ua_module_for_m580opc_ua_module_for_m580_firmwarex80_advanced_rtu_module_firmwarex80_advanced_rtu_moduleOPC UA Modicon Communication ModuleX80 advanced RTU Communication Module
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-34759
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.18%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Action-Not Available
Vendor-
Product-opc_ua_module_for_m580opc_ua_module_for_m580_firmwarex80_advanced_rtu_module_firmwarex80_advanced_rtu_moduleOPC UA Modicon Communication ModuleX80 advanced RTU Communication Module
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34760
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.46% / 62.98%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:10
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Action-Not Available
Vendor-
Product-opc_ua_module_for_m580opc_ua_module_for_m580_firmwarex80_advanced_rtu_module_firmwarex80_advanced_rtu_moduleOPC UA Modicon Communication ModuleX80 advanced RTU Communication Module
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2012-0929
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.55% / 93.69%
||
7 Day CHG~0.00%
Published-28 Jan, 2012 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-modicon_quantum_plcn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-5560
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.40%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 16:45
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request.

Action-Not Available
Vendor-
Product-sage_4400sage_1410sage_3030_magnumsage_2400sage_rtu_firmwaresage_1450sage_1430Sage 4400Sage 1450Sage 1410Sage 3030 MagnumSage 1430Sage 2400sage_4400
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-32516
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.94%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions)

Action-Not Available
Vendor-Schneider Electric SE
Product-conext_comboxconext_combox_firmwareConext™ ComBox
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-7502
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.63%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:41
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller.

Action-Not Available
Vendor-n/a
Product-modicon_m218modicon_m218_firmwareModicon M218 Logic Controller (Firmware version 4.3 and prior)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7559
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.19%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:04
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

Action-Not Available
Vendor-n/a
Product-ecostruxure_control_expertPLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-7484
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.42%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 21:03
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_nttristation_1131TriStation TS1131 (v4.0.0 to v4.9.0, v4.10.0)
CVE-2020-7507
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (Firmware version 1.5.2 and older)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-37039
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-5.9||MEDIUM
EPSS-0.59% / 68.12%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 16:54
Updated-02 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.

Action-Not Available
Vendor-
Product-sage_4400sage_1410sage_3030_magnumsage_2400sage_rtu_firmwaresage_1450sage_1430Sage 4400Sage 1450Sage 1410Sage 3030 MagnumSage 1430Sage 2400sage_4400
CWE ID-CWE-252
Unchecked Return Value
CVE-2022-22724
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.16%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions)

Action-Not Available
Vendor-n/a
Product-modicon_m340_bmxp341000_firmwaremodicon_m340_bmxp342030_firmwaremodicon_m340_bmxp342000modicon_m340_bmxp342010_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342000_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m340_bmxp3420302modicon_m340_bmxp3420102modicon_m340_bmxp342030modicon_m340_bmxp3420302_firmwaremodicon_m340_bmxp342010Modicon M340 CPUs: BMXP34 (All Versions)
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found