CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-25620
https://notcve.org/view.php?id=CVE-2023-25620
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-7534
https://notcve.org/view.php?id=CVE-2020-7534
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) Una CWE-352: Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) se presenta en el servidor web usado, que podría causar un filtrado de datos confidenciales o acciones no autorizadas en el servidor web durante el tiempo en que el usuario está conectado. Productos afectados: CPUs Modicon M340: BMXP34 (Todas las versiones), CPUs Modicon Quantum con Ethernet integrada (Copro): 140CPU65 (Todas las versiones), CPUs Modicon Premium con Ethernet integrada (Copro): TSXP57 (Todas las versiones), Módulos ethernet Modicon M340: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (Todas las versiones), Módulos de comunicación de fábrica Modicon Quantum y Premium: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (Todas las versiones) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01 • CWE-352: Cross-Site Request Forgery (CSRF) •