CVSS: 8.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

17 Sep 2019 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870-5-104 packets are received by the module on port 2404/TCP. • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 5.4 • EPSS: 0% • CPEs: 22 • EXPL: 0

21 Mar 2019 — Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. • https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 22 • EXPL: 0

21 Mar 2019 — Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via JavaScript loaded with the web page. • https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02 • CWE-20: Improper Input Validation • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 6.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

17 Dec 2018 — A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing. • https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

17 Dec 2018 — An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. • https://github.com/SadFud/Exploits/tree/master/Real%20World/SCADA%20-%20IOT%20Systems/CVE-2018-7812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

17 Dec 2018 — An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable. • https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 9.8 • EPSS: 2% • CPEs: 8 • EXPL: 1

30 Nov 2018 — An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. • https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 6.1 • EPSS: 0% • CPEs: 8 • EXPL: 1

30 Nov 2018 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on. • https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 1% • CPEs: 8 • EXPL: 1

30 Nov 2018 — An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server. • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 7.5 • EPSS: 2% • CPEs: 8 • EXPL: 1

30 Nov 2018 — An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request. • https://www.schneider-electric.com/en/download/document/SEVD-2018-327-01 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')