CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7762
https://notcve.org/view.php?id=CVE-2018-7762
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow. Existe una vulnerabilidad en los servicios web que procesan peticiones SOAP en Modicon M340, Modicon Premium, Modicon Quantum PLC y BMXNOR0200, de Schneider Electric, que podría conducir a un desbordamiento de búfer. • https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7760
https://notcve.org/view.php?id=CVE-2018-7760
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. Existe una vulnerabilidad de omisión de autenticación en Modicon M340, Modicon Premium, Modicon Quantum PLC y BMXNOR0200, de Schneider Electric. Las peticiones a funciones CGI permiten que usuarios maliciosos omitan la autorización. • https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7242
https://notcve.org/view.php?id=CVE-2018-7242
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. Existen algoritmos de hash vulnerables en los controladores Modicon Premium, Modicon Quantum, Modicon M340 y BMXNOR0200, de Schneider Electric, en todas las versiones de los módulos de comunicación. El algoritmo empleado para cifrar la contraseña es vulnerable a ataques de colisión de hash. • http://www.securityfocus.com/bid/103543 https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01 https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2017-6017
https://notcve.org/view.php?id=CVE-2017-6017
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. Se ha descubierto un problema de agotamiento de recursos en Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H y BMXP342030H. Un atacante remoto podría enviar un conjunto de paquetes manipulados al PLC para congelarlo, lo que requeriría que el operador presionase físicamente el botón reset en el PLC para recuperarlo. • http://www.securityfocus.com/bid/96414 https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03 https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 7%CPEs: 13EXPL: 0CVE-2015-7937
https://notcve.org/view.php?id=CVE-2015-7937
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. Desbordamiento de buffer basado en pila en GoAhead Web Server en dispositivos Schneider Electric Modicon M340 PLC BMXNOx y BMXPx permite a atacantes remotos ejecutar código arbitrario a través de una contraseña larga en los datos de HTTP Basic Authentication. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01 http://www.securityfocus.com/bid/79622 https://ics-cert.us-cert.gov/advisories/ICSA-15-351-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •