CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2019-6857
https://notcve.org/view.php?id=CVE-2019-6857
06 Jan 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. CWE-754: Hay una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad pa... • https://www.se.com/ww/en/download/document/SEVD-2019-344-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2019-6856
https://notcve.org/view.php?id=CVE-2019-6856
06 Jan 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. CWE-754: existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad para ver... • https://www.se.com/ww/en/download/document/SEVD-2019-344-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2019-6855
https://notcve.org/view.php?id=CVE-2019-6855
06 Jan 2020 — Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. Existe una vulnerabilidad de Autorización Incorrecta en EcoStruxure Control Expert (todas las versiones anteriores a la 14.1 Hot Fix), Unity Pro (todas l... • https://www.se.com/ww/en/download/document/SEVD-2019-344-02 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2019-6851
https://notcve.org/view.php?id=CVE-2019-6851
29 Oct 2019 — A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol. CWE-538: Hay una vulnerabilidad de Exposición de Información de Archivos y Directorios en Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (todas las versiones de firmware), lo que podría causar una divulgación de información del controlador cu... • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6850
https://notcve.org/view.php?id=CVE-2019-6850
29 Oct 2019 — A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module. Una CWE-200: Existe una vulnerabilidad de Exposición de Información en Modicon M580, Modicon BMENOC 0311 y Modicon BMENOC 0321, lo que podría causar la divulgación de información confidencial cuando se leen registros específicos con la API REST del... • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6849
https://notcve.org/view.php?id=CVE-2019-6849
29 Oct 2019 — A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module. Una CWE-200: Existe una vulnerabilidad de Exposición de Información en Modicon M580, Modicon BMENOC 0311 y Modicon BMENOC 0321, lo que podría causar la divulgación de información confidencial cuando son usados servicios Modbus específico... • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6848
https://notcve.org/view.php?id=CVE-2019-6848
29 Oct 2019 — A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module. Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en la CPU Modicon M580 (BMEx58*) y en el módulo de comunicación Modicon M580 (BMENOC0... • https://www.se.com/ww/en/download/document/SEVD-2019-281-04 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6847
https://notcve.org/view.php?id=CVE-2019-6847
29 Oct 2019 — A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol. Existe una vulnerabilidad CWE-755: Manejo inadecuado de condiciones excepcionales en los módulos Modicon M580, Modicon M340, Modicon BMxCRA y 140CRA (todas las version... • https://www.se.com/ww/en/download/document/SEVD-2019-281-02 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6846
https://notcve.org/view.php?id=CVE-2019-6846
29 Oct 2019 — A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. Una CWE-319: Existe una vulnerabilidad de Transmisión de Texto Sin Cifrar de Información Confidencial en Modicon M580, Modicon M340, Modicon BMxCRA y los módulos 140CRA (todas las versiones de firmware), que podrían causar una divulgación de información cuando se utiliza ... • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2019-6845
https://notcve.org/view.php?id=CVE-2019-6845
29 Oct 2019 — A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. Una CWE-319: existe una vulnerabilidad de Transmisión de Texto Sin Cifrar de Información Confidencial en Modicon M580, Modicon M340, Modicon Premium, Modicon Quantum (todas las versiones de firmware), lo que podría cau... • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03 • CWE-319: Cleartext Transmission of Sensitive Information •