Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-30063

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Apr, 2022 | 21:52
Updated At-03 Aug, 2024 | 22:24
Rejected At-
Credits

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Apr, 2022 | 21:52
Updated At:03 Aug, 2024 | 22:24
Rejected At:
▼CVE Numbering Authority (CNA)

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.belden.com/support/security-assurance
x_refsource_MISC
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05
x_refsource_CONFIRM
Hyperlink: https://www.belden.com/support/security-assurance
Resource:
x_refsource_MISC
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.belden.com/support/security-assurance
x_refsource_MISC
x_transferred
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.belden.com/support/security-assurance
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Apr, 2022 | 22:15
Updated At:09 Apr, 2022 | 00:45

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
belden
belden
>>tofino_xenon_security_appliance_firmware>>Versions before 03.2.03(exclusive)
cpe:2.3:o:belden:tofino_xenon_security_appliance_firmware:*:*:*:*:*:*:*:*
belden
belden
>>tofino_xenon_security_appliance>>-
cpe:2.3:h:belden:tofino_xenon_security_appliance:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-220-tx\/mm_firmware>>-
cpe:2.3:o:belden:tofino_argon_fa-tsa-220-tx\/mm_firmware:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-220-tx\/mm>>-
cpe:2.3:h:belden:tofino_argon_fa-tsa-220-tx\/mm:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-220-tx\/tx_firmware>>-
cpe:2.3:o:belden:tofino_argon_fa-tsa-220-tx\/tx_firmware:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-220-tx\/tx>>-
cpe:2.3:h:belden:tofino_argon_fa-tsa-220-tx\/tx:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-220-mm\/tx_firmware>>-
cpe:2.3:o:belden:tofino_argon_fa-tsa-220-mm\/tx_firmware:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-220-mm\/tx>>-
cpe:2.3:h:belden:tofino_argon_fa-tsa-220-mm\/tx:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-220-mm\/mm_firmware>>-
cpe:2.3:o:belden:tofino_argon_fa-tsa-220-mm\/mm_firmware:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-220-mm\/mm>>-
cpe:2.3:h:belden:tofino_argon_fa-tsa-220-mm\/mm:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-100-tx\/tx_firmware>>-
cpe:2.3:o:belden:tofino_argon_fa-tsa-100-tx\/tx_firmware:-:*:*:*:*:*:*:*
belden
belden
>>tofino_argon_fa-tsa-100-tx\/tx>>-
cpe:2.3:h:belden:tofino_argon_fa-tsa-100-tx\/tx:-:*:*:*:*:*:*:*
belden
belden
>>eagle_20_tofino_943_987-505-mm\/mm_firmware>>-
cpe:2.3:o:belden:eagle_20_tofino_943_987-505-mm\/mm_firmware:-:*:*:*:*:*:*:*
belden
belden
>>eagle_20_tofino_943_987-505-mm\/mm>>-
cpe:2.3:h:belden:eagle_20_tofino_943_987-505-mm\/mm:-:*:*:*:*:*:*:*
belden
belden
>>eagle_20_tofino_943_987-504-mm\/tx_firmware>>-
cpe:2.3:o:belden:eagle_20_tofino_943_987-504-mm\/tx_firmware:-:*:*:*:*:*:*:*
belden
belden
>>eagle_20_tofino_943_987-504-mm\/tx>>-
cpe:2.3:h:belden:eagle_20_tofino_943_987-504-mm\/tx:-:*:*:*:*:*:*:*
belden
belden
>>eagle_20_tofino_943_987-502_-tx\/mm_firmware>>-
cpe:2.3:o:belden:eagle_20_tofino_943_987-502_-tx\/mm_firmware:-:*:*:*:*:*:*:*
belden
belden
>>eagle_20_tofino_943_987-502_-tx\/mm>>-
cpe:2.3:h:belden:eagle_20_tofino_943_987-502_-tx\/mm:-:*:*:*:*:*:*:*
belden
belden
>>eagle_20_tofino_943_987-501-tx\/tx_firmware>>-
cpe:2.3:o:belden:eagle_20_tofino_943_987-501-tx\/tx_firmware:-:*:*:*:*:*:*:*
belden
belden
>>eagle_20_tofino_943_987-501-tx\/tx>>-
cpe:2.3:h:belden:eagle_20_tofino_943_987-501-tx\/tx:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>tcsefm0000_firmware>>Versions before 03.23(exclusive)
cpe:2.3:o:schneider-electric:tcsefm0000_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>tcsefm0000>>-
cpe:2.3:h:schneider-electric:tcsefm0000:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05cve@mitre.org
Vendor Advisory
https://www.belden.com/support/security-assurancecve@mitre.org
Vendor Advisory
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.belden.com/support/security-assurance
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

91Records found
CVE-2020-7538
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.46% / 62.98%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 21:04
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

Action-Not Available
Vendor-n/a
Product-ecostruxure_control_expertPLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7542
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:52
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Action-Not Available
Vendor-n/a
Product-modicon_m580_bmep582040_firmware140cpu65150tsxp575634_firmwaretsxp574634modicon_m580_bmep583040_firmwaremodicon_m340_bmxp3420102clmodicon_m340_bmxp3420302_firmwaremodicon_m580_bmep583020modicon_m580_bmep586040modicon_m580_bmep584040modicon_m340_bmxp342000modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp3420302cl_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m340_bmxp3420102cl_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep583040tsxp574634_firmwaremodicon_m580_bmep582040modicon_m580_bmep585040modicon_m580_bmep584020_firmwaremodicon_m340_bmxp3420302clmodicon_m340_bmxp3420302modicon_m580_bmep584020modicon_m340_bmxp342020tsxp576634modicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwaremodicon_m580_bmep581020modicon_m580_bmep582020_firmwaretsxp576634_firmwaremodicon_m340_bmxp342000_firmware140cpu65150_firmwaremodicon_m340_bmxp3420102tsxp575634modicon_m580_bmep586040_firmwareModicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2024-37039
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-5.9||MEDIUM
EPSS-0.59% / 68.12%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 16:54
Updated-02 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request.

Action-Not Available
Vendor-
Product-sage_4400sage_1410sage_3030_magnumsage_2400sage_rtu_firmwaresage_1450sage_1430Sage 4400Sage 1450Sage 1410Sage 3030 MagnumSage 1430Sage 2400sage_4400
CWE ID-CWE-252
Unchecked Return Value
CVE-2013-2763
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.88% / 74.38%
||
7 Day CHG~0.00%
Published-04 Apr, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-modicon_m340_bmx_noe_0110h_firmwaremodicon_m340_bmxp342030modicon_m340_bmxp342030_firmwaremodicon_m340_bmx_noc_0401modicon_m340_bmxp342010modicon_m340_bmx_noe_0110hmodicon_m340_bmx_nor_0200h_firmwaremodicon_m340_bmxp341000_firmwaremodicon_m340_bmxp342020modicon_m340_bmxp341000modicon_m340_bmx_noc_0401_firmwaremodicon_m340_bmxp342010_firmwaremodicon_m340_bmx_nor_0200hmodicon_m340_bmx_p34-2010modicon_m340_bmx_p34-2010_firmwaremodicon_m340_bmx_noe_0100modicon_m340_bmx_noe_0100hmodicon_m340_bmx_noe_0100h_firmwaremodicon_m340_bmx_noe_0100_firmwaremodicon_m340_bmx_p34-2030modicon_m340_bmx_noe_0110_firmwaremodicon_m340_bmxp342020_firmwaremodicon_m340_bmx_p34-2030_firmwaremodicon_m340_bmx_noe_0110n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-22724
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.16%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M340 CPUs: BMXP34 (All Versions)

Action-Not Available
Vendor-n/a
Product-modicon_m340_bmxp341000_firmwaremodicon_m340_bmxp342030_firmwaremodicon_m340_bmxp342000modicon_m340_bmxp342010_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342000_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m340_bmxp3420302modicon_m340_bmxp3420102modicon_m340_bmxp342030modicon_m340_bmxp3420302_firmwaremodicon_m340_bmxp342010Modicon M340 CPUs: BMXP34 (All Versions)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-24315
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.68%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_system_data_serverInteractive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-24314
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.28%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior)

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_system_data_serverInteractive Graphical SCADA System Data Server (V15.0.0.22020 and prior)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-24321
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.46% / 62.98%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)

Action-Not Available
Vendor-n/a
Product-clearscadaecostruxure_geo_scada_expert_2020ecostruxure_geo_scada_expert_2019ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6828
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:59
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.

Action-Not Available
Vendor-
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580Modicon QuantumModicon M340Modicon Premium
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-6809
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.00%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:50
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.

Action-Not Available
Vendor-
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580Modicon QuantumModicon M340Modicon Premium
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-6857
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.90%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 22:57
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.

Action-Not Available
Vendor-
Product-140cpu67260_firmware140cpu67261_firmwaretsxp573634m140cpu65150tsxp571634m140cpu67861modicon_m580_firmwaretsxh5744m_firmwaretsxh5744m140cpu65160_firmware140cpu67160s_firmware140cpu65160s_firmware140cpu67160_firmware140cpu65860_firmwaretsxp574634m_firmwaretsxp575634mmodicon_m580140cpu65860tsxp575634m_firmwaretsxh5724m_firmware140cpu65160tsxp573634m_firmwaretsxp57454m_firmware140cpu67160140cpu67861_firmwaretsxp57254m_firmwaretsxp57304mtsxp572634mtsxp574634mtsxh5724mtsxp57304m_firmwaretsxp57204m_140cpu67261140cpu67060_firmwaretsxp576634m_firmware140cpu65160s140cpu65260_firmware140cpu67160stsxp576634m_tsxp57154m_firmwaretsxp57154mtsxp57454mmodicon_m340tsxp57254mtsxp57554mtsxp572634m_firmwaretsxp57104m_firmware140cpu67260tsxp57104mtsxp57354mtsxp57354m_firmware140cpu65150_firmwaretsxp57204m_firmwaretsxp57554m_firmware140cpu65260140cpu67060tsxp571634m_firmwaremodicon_m340_firmwareModicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2022-0222
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.24%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24)

Action-Not Available
Vendor-Schneider Electric SE
Product-modicon_m340_bmxnoe0110hmodicon_m340_bmxp342030_firmwaremodicon_m340_bmxp3420302h_firmwaremodicon_m340_bmxp342020h_firmwaremodicon_m340_bmxp3420302modicon_m340_bmxnoe0110_firmwaremodicon_m340_bmxp3420302_firmwaremodicon_m340_bmxp342010modicon_m340_bmxp342020modicon_m340_bmxnoe0110modicon_m340_bmxp341000_firmwaremodicon_m340_bmxp342030hmodicon_m340_bmxp342020hmodicon_m340_bmxp342000modicon_m340_bmxnoe0100_firmwaremodicon_m340_bmxp342010_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342020_firmwaremodicon_m340_bmxp342030h_firmwaremodicon_m340_bmxp342000_firmwaremodicon_m340_bmxnor0200h_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m340_bmxnor0200hmodicon_m340_bmxp3420102modicon_m340_bmxp342030modicon_m340_bmxnoe0100modicon_m340_bmxnoe0110h_firmwaremodicon_m340_bmxp3420302hModicon M340 CPUsModicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H) BMXNOE0110 (H) BMXNOR0200H RTU
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-6856
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.90%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 22:57
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

Action-Not Available
Vendor-
Product-140cpu67260_firmware140cpu67261_firmwaretsxp573634m140cpu65150tsxp571634m140cpu67861modicon_m580_firmwaretsxh5744m_firmwaretsxh5744m140cpu65160_firmware140cpu67160s_firmware140cpu65160s_firmware140cpu67160_firmware140cpu65860_firmwaretsxp574634m_firmwaretsxp575634mmodicon_m580140cpu65860tsxp575634m_firmwaretsxh5724m_firmware140cpu65160tsxp573634m_firmwaretsxp57454m_firmware140cpu67160140cpu67861_firmwaretsxp57254m_firmwaretsxp57304mtsxp572634mtsxp574634mtsxh5724mtsxp57304m_firmwaretsxp57204m_140cpu67261140cpu67060_firmwaretsxp576634m_firmware140cpu65160s140cpu65260_firmware140cpu67160stsxp576634m_tsxp57154m_firmwaretsxp57154mtsxp57454mmodicon_m340tsxp57254mtsxp57554mtsxp572634m_firmwaretsxp57104m_firmware140cpu67260tsxp57104mtsxp57354mtsxp57354m_firmware140cpu65150_firmwaretsxp57204m_firmwaretsxp57554m_firmware140cpu65260140cpu67060tsxp571634m_firmwaremodicon_m340_firmwareModicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-29413
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.32%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:50
Updated-05 Feb, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.

Action-Not Available
Vendor-Microsoft CorporationSchneider Electric SE
Product-windows_server_2016apc_easy_ups_online_monitoring_softwareeasy_ups_online_monitoring_softwarewindows_11windows_10windows_server_2022windows_server_2019Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-6848
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.6||HIGH
EPSS-0.46% / 63.13%
||
7 Day CHG~0.00%
Published-29 Oct, 2019 | 14:53
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.

Action-Not Available
Vendor-n/a
Product-modicon_bmenoc_0321_firmwaremodicon_m580_firmwaremodicon_bmenoc_0321modicon_bmenoc_0311_firmwaremodicon_bmenoc_0311modicon_m580Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info)
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-6831
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-8.6||HIGH
EPSS-0.58% / 67.80%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:22
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP.

Action-Not Available
Vendor-
Product-bmxnor0200h_firmwarebmxnor0200hBMXNOR0200H Ethernet / Serial RTU module
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6819
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.52%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:45
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.

Action-Not Available
Vendor-n/a
Product-bmeh584040cmodicon_quantum_firmwaremodicon_m580_firmwarebmeh584040bmeh582040cmodicon_premium_firmwaremodicon_m340_bmxp3420102clmodicon_m580_bmep583020modicon_m580_bmep586040modicon_m340_bmxp342000modicon_m580_bmep584040modicon_m580_bmep582020modicon_m340_bmxp341000modicon_m340_bmxp3420302hmodicon_m580_bmep585040cmodicon_m580_bmep584040smodicon_m580_bmep583040modicon_m340_bmxp341000hmodicon_m580_bmep582040modicon_m580_bmep585040modicon_m340_bmxp3420302clmodicon_m580_bmep582040hbmeh586040modicon_m340_bmxp3420302modicon_premiummodicon_m580_bmep584020modicon_m340_bmxp342020modicon_m580_bmep582040smodicon_quantummodicon_m340_bmxp342020hmodicon_m580_bmep581020modicon_m580_bmep586040cbmeh586040cmodicon_m580_bmep581020hmodicon_m580_bmep582020hbmeh582040modicon_m340_bmxp3420102modicon_m340_firmwareModicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-25619
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.38%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 07:53
Updated-05 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.

Action-Not Available
Vendor-Schneider Electric SE
Product-modicon_m340_firmwaremodicon_m340bmep58s_firmwaretsxp57_firmwaretsxp57bmep58sbmeh58smodicon_momentum_unity_m1e_processormodicon_momentum_unity_m1e_processor_firmwaremodicon_m580modicon_mc80bmeh58s_firmwaremodicon_mc80_firmwaremodicon_m580_firmwareModicon MC80 (BMKC80)Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)Modicon Momentum Unity M1E Processor (171CBU*)Modicon M580 CPU (part numbers BMEP* and BMEH*)Legacy Modicon Premium CPUs (TSXP57*)Legacy Modicon Quantum (140CPU65*)Modicon M340 CPU (part numbers BMXP34*)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-22610
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-9.1||CRITICAL
EPSS-0.22% / 44.59%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port.

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_geo_scada_expert_2021ecostruxure_geo_scada_expert_2020ecostruxure_geo_scada_expert_2019EcoStruxure Geo SCADA Expert 2019 - 2021 (formerly known as ClearSCADA)
CWE ID-CWE-863
Incorrect Authorization
CVE-2016-8374
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmwaremagelis_gtu_universal_panelmagelis_xbt_gh_advanced_hand-held_panel_firmwaremagelis_xbt_gtw_advanced_open_touchscreen_panel_firmwaremagelis_gto_advanced_optimum_panelmagelis_xbt_gt_advanced_touchscreen_panelmagelis_xbt_gtw_advanced_open_touchscreen_panelmagelis_sto5_small_panelmagelis_stu_small_panelmagelis_xbt_gt_advanced_touchscreen_panel_firmwaremagelis_gtu_universal_panel_firmwaremagelis_stu_small_panel_firmwaremagelis_gto_advanced_optimum_panel_firmwaremagelis_xbt_gh_advanced_hand-held_panelmagelis_xbt_gk_advanced_touchscreen_panel_with_keyboardmagelis_sto5_small_panel_firmwareSchneider Electric Magelis HMI
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-8367
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-13.71% / 94.00%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack.

Action-Not Available
Vendor-n/aSchneider Electric SE
Product-magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmwaremagelis_gtu_universal_panelmagelis_xbt_gh_advanced_hand-held_panel_firmwaremagelis_xbt_gtw_advanced_open_touchscreen_panel_firmwaremagelis_gto_advanced_optimum_panelmagelis_xbt_gt_advanced_touchscreen_panelmagelis_xbt_gtw_advanced_open_touchscreen_panelmagelis_sto5_small_panelmagelis_stu_small_panelmagelis_xbt_gt_advanced_touchscreen_panel_firmwaremagelis_gtu_universal_panel_firmwaremagelis_stu_small_panel_firmwaremagelis_gto_advanced_optimum_panel_firmwaremagelis_xbt_gh_advanced_hand-held_panelmagelis_xbt_gk_advanced_touchscreen_panel_with_keyboardmagelis_sto5_small_panel_firmwareSchneider Electric Magelis HMI
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-22766
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-1.08% / 76.89%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:40
Updated-03 Aug, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet

Action-Not Available
Vendor-n/a
Product-powerlogic_egx300powerlogic_egx100powerlogic_egx100_firmwarepowerlogic_egx300_firmwarePowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22713
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.04%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 20:15
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions), which could cause the meter to reboot.

Action-Not Available
Vendor-n/a
Product-powerlogic_ion8650powerlogic_ion7700_firmwarepowerlogic_ion8400_firmwarepowerlogic_ion7550powerlogic_ion8300_firmwarepowerlogic_ion7650_firmwarepowerlogic_ion8800powerlogic_ion7700powerlogic_ion8600ion7650_firmwarepowerlogic_ion8500_firmwarepowerlogic_ion8600_firmwarepowerlogic_ion8500powerlogic_ion8300powerlogic_ion7300_firmwarepowerlogic_ion8400powerlogic_ion7650powerlogic_ion7300powerlogic_ion8800_firmwarepowerlogic_ion7550_firmwarepowerlogic_ion8650_firmwarePowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security notifcation for affected versions)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-22800
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.45%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)

Action-Not Available
Vendor-n/a
Product-modicon_m218modicon_m218_firmwareModicon M218 Logic Controller (V5.1.0.6 and prior)
CWE ID-CWE-20
Improper Input Validation
CVE-2021-22824
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.28%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)

Action-Not Available
Vendor-n/a
Product-interactive_graphical_scada_system_data_collectorInteractive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-22736
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.34%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:19
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a denial of service when an unauthorized file is uploaded.

Action-Not Available
Vendor-n/a
Product-homelynkspacelynk_firmwarehomelynk_firmwarespacelynkhomeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-22764
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.22%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:40
Updated-24 Nov, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the device via Modbus TCP protocol when an attacker sends a specially crafted HTTP request.

Action-Not Available
Vendor-n/a
Product-powerlogic_pm5561powerlogic_pm5560_firmwarepowerlogic_pm5562_firmwarepowerlogic_pm5561_firmwarepowerlogic_pm5563powerlogic_pm5563_firmwarepowerlogic_pm5562powerlogic_pm5560PowerLogic PM55xx, PowerLogic EGX100, and PowerLogic EGX300 (see security notification for version infromation)
CWE ID-CWE-287
Improper Authentication
CVE-2020-7539
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.23%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:51
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.

Action-Not Available
Vendor-n/a
Product-140noc78100140cpu65150140noc78000_firmwaretsxp575634_firmware140noc78000bmxnoe0110_firmwaretsxp574634modicon_m340_bmxp3420102clmodicon_m340_bmxp3420302_firmware140noc78100_firmwaremodicon_m340_bmxp342000modicon_m340_bmxp3420302cl_firmwaremodicon_m340_bmxp341000140noe77111_firmwaremodicon_m340_bmxp342020_firmware140noc77101_firmwaremodicon_m340_bmxp3420102_firmware140noc77101bmxnoe0110tsxety5103_firmwaremodicon_m340_bmxp3420102cl_firmwaretsxety5103tsxp574634_firmwarebmxnoc0401_firmware140noe77111modicon_m340_bmxp3420302clmodicon_m340_bmxp3420302modicon_m340_bmxp342020bmxnoe0100_firmwaretsxp576634modicon_m340_bmxp341000_firmwaretsxety4103_firmwarebmxnoc0401tsxp576634_firmwaremodicon_m340_bmxp342000_firmwarebmxnoe0100140cpu65150_firmwaremodicon_m340_bmxp3420102tsxety4103tsxp575634Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-12258
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.02% / 94.30%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 20:00
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

Action-Not Available
Vendor-beldenwindrivern/aNetApp, Inc.Siemens AGSonicWall Inc.
Product-power_meter_9810_firmwarehirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018power_meter_9410_firmwarehirschmann_grs1042siprotec_5_firmwareruggedcom_win7000ruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwaree-series_santricity_os_controllervxworkshirschmann_msp40hirschmann_octopus_os3hirschmann_rsp30hirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25power_meter_9410power_meter_9810ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-384
Session Fixation
CVE-2019-12259
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-30.05% / 96.49%
||
7 Day CHG~0.00%
Published-09 Aug, 2019 | 18:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.

Action-Not Available
Vendor-beldenwindrivern/aSiemens AGSonicWall Inc.
Product-hirschmann_rsp20ruggedcom_win7025_firmwarehirschmann_ees25sonicoshirschmann_grs1030hirschmann_grs1142ruggedcom_win7018_firmwarehirschmann_rspe32hirschmann_grs1130garrettcom_magnum_dx940ehirschmann_rspe35hirschmann_eesx20hirschmann_rspe37ruggedcom_win7018hirschmann_grs10429410_power_meter_firmwareruggedcom_win7000siprotec_5_firmwareruggedcom_win7200hirschmann_rsp35garrettcom_magnum_dx940e_firmwarevxworkshirschmann_msp40hirschmann_octopus_os39810_power_meterhirschmann_rsp309410_power_meter9810_power_meter_firmwarehirschmann_dragon_mach4000hirschmann_dragon_mach4500hirschmann_msp32hirschmann_rsp25hirschmann_rail_switch_power_smarthirschmann_eesx30hirschmann_grs1020hirschmann_rail_switch_power_litehirschmann_eagle20hirschmann_eagle30hirschmann_hiosruggedcom_win7025hirschmann_rspe30hirschmann_eagle_oneruggedcom_win7200_firmwaresiprotec_5hirschmann_ees20hirschmann_red25ruggedcom_win7000_firmwarehirschmann_msp30hirschmann_grs1120n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-7524
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.48%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 16:12
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.

Action-Not Available
Vendor-n/a
Product-modicon_m218modicon_m218_firmwareModicon M218 Logic Controller V5.0.0.7 and prior
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-10953
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.52%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:02
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

Action-Not Available
Vendor-wagon/aABBPhoenix Contact GmbH & Co. KGSiemens AG
Product-ethernet_firmwarebacnet\/ip6es7211-1ae40-0xb0modicon_m221_firmwareknx_ip_firmwareknx_ipethernet6es7314-6eh04-0ab0modicon_m221pm554-tp-eth_firmware6es7314-6eh04-0ab0_firmware6ed1052-1cc01-0ba8pm554-tp-eth6es7211-1ae40-0xb0_firmwarepfc100_firmwarepfc100ilc_151_eth_firmwarebacnet\/ip_firmware6ed1052-1cc01-0ba8_firmwareilc_151_ethABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-2603
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.78%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2022-37301
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.19%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-28 Apr, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)

Action-Not Available
Vendor-Schneider Electric SE
Product-modicon_premium_tsxp57_454mmodicon_premium_tsxp57_2834m_firmwaremodicon_premium_tsxp57_6634m_firmwaremodicon_m580_bmep583040_firmwaremodicon_m580_bmeh582040smodicon_quantum_140cpu65160_firmwaremodicon_m580_bmeh584040smodicon_m580_bmep582020h_firmwaremodicon_m580_bmep584040s_firmwaremodicon_m580_bmep584040modicon_mc80_bmkc8020310_firmwaremodicon_m580_bmep585040_firmwaremodicon_m580_bmep582040h_firmwaremodicon_m340_bmx_p34-2030modicon_premium_tsxp57_454m_firmwaremodicon_quantum_140cpu65150modicon_m580_bmep584040_firmwaremodicon_momentum_171cbu78090_firmwaremodicon_m580_bmep584040smodicon_m580_bmeh582040cmodicon_m580_bmep583040modicon_m580_bmep582040modicon_m580_bmep585040modicon_premium_tsxp57_4634mmodicon_m580_bmep584020_firmwaremodicon_m580_bmeh584040modicon_m580_bmep585040c_firmwaremodicon_premium_tsxp57_2634m_firmwaremodicon_m580_bmeh584040_firmwaremodicon_momentum_171cbu78090modicon_premium_tsxp57_5634mmodicon_m580_bmep581020h_firmwaremodicon_m580_bmep584020modicon_mc80_bmkc8020301modicon_quantum_140noc78100modicon_m580_bmeh584040s_firmwaremodicon_m580_bmep582040smodicon_premium_tsxp57_1634m_firmwaremodicon_momentum_171cbu98090_firmwaremodicon_quantum_140noc78100_firmwaremodicon_m580_bmeh586040cmodicon_m580_bmep582020_firmwaremodicon_momentum_171cbu98091modicon_m580_bmep581020hmodicon_m580_bmeh586040_firmwaremodicon_m340_bmx_p34-2010modicon_m580_bmeh584040cmodicon_m580_bmeh586040c_firmwaremodicon_m580_bmep586040_firmwaremodicon_m580_bmeh582040_firmwaremodicon_quantum_140cpu65150c_firmwaremodicon_m340_bmx_p34-2010_firmwaremodicon_m580_bmep582040_firmwaremodicon_quantum_140noe77101_firmwaremodicon_m580_bmeh582040modicon_quantum_140cpu65160c_firmwaremodicon_mc80_bmkc8030311modicon_quantum_140cpu65160modicon_momentum_171cbu98090modicon_quantum_140noe77111_firmwaremodicon_premium_tsxp57_1634mmodicon_m580_bmeh582040c_firmwaremodicon_m580_bmep583020modicon_m580_bmeh586040s_firmwaremodicon_m580_bmeh586040smodicon_m580_bmep586040modicon_premium_tsxp57_2634mmodicon_m580_bmeh586040modicon_mc80_bmkc8020310modicon_m580_bmep583020_firmwaremodicon_premium_tsxp57_5634m_firmwaremodicon_premium_tsxp57_554m_firmwaremodicon_m580_bmep582020modicon_quantum_140cpu65160cmodicon_m580_bmeh584040c_firmwaremodicon_quantum_140cpu65150_firmwaremodicon_momentum_171cbu98091_firmwaremodicon_quantum_140cpu65150cmodicon_m580_bmep585040cmodicon_mc80_bmkc8030311_firmwaremodicon_quantum_140noe77101modicon_m580_bmep582040hmodicon_premium_tsxp57_554mmodicon_m580_bmep582040s_firmwaremodicon_premium_tsxp57_2834mmodicon_m580_bmep581020_firmwaremodicon_mc80_bmkc8020301_firmwaremodicon_m580_bmep581020modicon_m580_bmep586040cmodicon_premium_tsxp57_4634m_firmwaremodicon_quantum_140noe77111modicon_m580_bmep582020hmodicon_m340_bmx_p34-2030_firmwaremodicon_m580_bmep586040c_firmwaremodicon_m580_bmeh582040s_firmwaremodicon_premium_tsxp57_6634mModicon M580 CPU (part numbers BMEP* and BMEH*) Modicon M340 CPU (part numbers BMXP34*)Modicon MC80 (BMKC80)Legacy Modicon Quantum/PremiumModicon Momentum MDI (171CBU*)
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2021-22787
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.86%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

Action-Not Available
Vendor-n/a
Product-tsxp575634140noc78x00_firmware140noe771x1tsxety5103140cpu65150tsxp574634_firmwarebmxnoc0401_firmwaretsxp575634_firmwarebmxnoe0110_firmware140noe771x1_firmwaretsxp574634tsxp576634modicon_m340_bmxp342020bmxnoe0100_firmwaretsxety4103_firmwarebmxnoc0401tsxp576634_firmwarebmxnor0200h_rtumodicon_m340_bmxp342020_firmware140noc77101_firmwarebmxnoe0100140cpu65150_firmwarebmxnor0200h_rtu_firmwaretsxety4103140noc77101bmxnoe0110140noc78x00tsxety5103_firmwareModicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
CWE ID-CWE-20
Improper Input Validation
CVE-2020-7543
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-11 Dec, 2020 | 00:52
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.

Action-Not Available
Vendor-n/a
Product-modicon_m580_bmep582040_firmwaremodicon_m580_bmep583040_firmwaremodicon_m340_bmxp3420102clmodicon_m340_bmxp3420302_firmwaremodicon_m580_bmep583020modicon_m580_bmep586040modicon_m580_bmep584040modicon_m340_bmxp342000modicon_m580_bmep582020modicon_m580_bmep583020_firmwaremodicon_m340_bmxp3420302cl_firmwaremodicon_m340_bmxp341000modicon_m340_bmxp342020_firmwaremodicon_m340_bmxp3420102_firmwaremodicon_m580_bmep585040_firmwaremodicon_m340_bmxp3420102cl_firmwaremodicon_m580_bmep584040_firmwaremodicon_m580_bmep583040modicon_m580_bmep582040modicon_m580_bmep585040modicon_m580_bmep584020_firmwaremodicon_m340_bmxp3420302clmodicon_m340_bmxp3420302modicon_m580_bmep584020modicon_m340_bmxp342020modicon_m340_bmxp341000_firmwaremodicon_m580_bmep581020_firmwaremodicon_m580_bmep581020modicon_m580_bmep582020_firmwaremodicon_m340_bmxp342000_firmwaremodicon_m340_bmxp3420102modicon_m580_bmep586040_firmwareModicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2020-7486
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.81%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 21:03
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.

Action-Not Available
Vendor-n/a
Product-tricon_tcm_4352tricon_tcm_4352atricon_tcm_4351btricon_tcm_4351a_firmwaretricon_tcm_4351_firmwaretricon_tcm_4352btricon_tcm_4352b_firmwaretricon_tcm_4352_firmwaretricon_tcm_4351b_firmwaretricon_tcm_4351atricon_tcm_4352a_firmwaretricon_tcm_4351Tricon TCM Model 4351, 4352, 4351A/B, 4352A/B (v10.3.x, v10.4.x)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6813
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.36%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:56
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.

Action-Not Available
Vendor-
Product-bmxnor0200h_firmwarebmxnor0200hmodicon_m340modicon_m340_firmwareBMXNOR0200H Ethernet / Serial RTU moduleModicon M340 controller
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6811
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.16%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:55
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.

Action-Not Available
Vendor-
Product-modicon_quantum_140noe77101modicon_quantum_140noe77111_firmwaremodicon_quantum_140noe77111modicon_quantum_140noe77101_firmwareModicon Quantum 140 NOE771x1
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2019-6807
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.81%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 20:05
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.

Action-Not Available
Vendor-n/a
Product-modicon_quantummodicon_quantum_firmwaremodicon_m580_firmwaremodicon_premium_firmwaremodicon_premiummodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580 Modicon M340 Modicon Quantum Modicon Premium
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2019-6829
Matching Score-8
Assigner-Schneider Electric
ShareView Details
Matching Score-8
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:44
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.

Action-Not Available
Vendor-
Product-modicon_m580_firmwaremodicon_m340modicon_m340_firmwaremodicon_m580Modicon M580Modicon M340
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
  • Previous
  • 1
  • 2
  • Next
Details not found