CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2020-7535
https://notcve.org/view.php?id=CVE-2020-7535
11 Dec 2020 — A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Di... • https://www.se.com/ww/en/download/document/SEVD-2020-343-05 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 40EXPL: 0CVE-2020-7562
https://notcve.org/view.php?id=CVE-2020-7562
18 Nov 2020 — A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. CWE-125: Una vulnerabilidad Lectura Fuera de Límites se presenta en el Servidor Web en las ofertas Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de Comunicación (... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 40EXPL: 0CVE-2020-7564
https://notcve.org/view.php?id=CVE-2020-7564
18 Nov 2020 — A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. CWE-120: Una vulnerabilidad de Copia de búfer sin Comprobar el Tamaño de la Entrada ("Classic Buffer Overflow") se presenta en el Se... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 1%CPEs: 40EXPL: 0CVE-2020-7563
https://notcve.org/view.php?id=CVE-2020-7563
18 Nov 2020 — A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. CWE-787: Una vulnerabilidad de escritura fuera de límites se presenta en el Servidor Web de unas ofertas de Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2020-7477
https://notcve.org/view.php?id=CVE-2020-7477
23 Mar 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus. Una CWE-754: Se presenta una vulnerabilidad Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en el módulo... • https://www.se.com/ww/en/download/document/SEVD-2020-070-02 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2018-7794
https://notcve.org/view.php?id=CVE-2018-7794
06 Jan 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP. CWE-754: Existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad para versiones e... • https://www.se.com/ww/en/download/document/SEVD-2019-344-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2019-6857
https://notcve.org/view.php?id=CVE-2019-6857
06 Jan 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. CWE-754: Hay una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad pa... • https://www.se.com/ww/en/download/document/SEVD-2019-344-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2019-6856
https://notcve.org/view.php?id=CVE-2019-6856
06 Jan 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. CWE-754: existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad para ver... • https://www.se.com/ww/en/download/document/SEVD-2019-344-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2018-7240
https://notcve.org/view.php?id=CVE-2018-7240
18 Apr 2018 — A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. An FTP command used to upgrade the firmware of the module can be misused to cause a denial of service, or in extreme cases, to load a malicious firmware. Existe una vulnerabilidad en Modicon Quantum, de Schneider Electric, en todas las versiones de los módulos de comunicación que podría permitir la ejecución de código arbitrario. Un comando FTP usado para ac... • http://www.securityfocus.com/bid/103541 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7241
https://notcve.org/view.php?id=CVE-2018-7241
18 Apr 2018 — Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Existen cuentas embebidas en los controladores Modicon Premium, Modicon Quantum, Modicon M340 y BMXNOR0200, de Schneider Electric, en todas las versiones de los módulos de comunicación. • http://www.securityfocus.com/bid/103542 • CWE-798: Use of Hard-coded Credentials •