CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 1CVE-2018-7847
https://notcve.org/view.php?id=CVE-2018-7847
22 May 2019 — A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus. CWE-284: Existe una vulnerabilidad de Control de Acceso inapropiado en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podría generar la Denegación de Servicio o la potencial ejecución de códig... • https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 6%CPEs: 8EXPL: 2CVE-2018-7842
https://notcve.org/view.php?id=CVE-2018-7842
22 May 2019 — A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. CWE-290: Existe una vulnerabilidad de Omisión de Autenticación por suplantación de identidad en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podría generar una elevación de privilegios al r... • https://github.com/yanissec/CVE-2018-7842 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.5EPSS: 13%CPEs: 8EXPL: 2CVE-2018-7848
https://notcve.org/view.php?id=CVE-2018-7848
22 May 2019 — A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus CWE-200: Existe una vulnerabilidad de Exposición de Información en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podría generar la divulgación de información SNMP cuando se leen archivos desde el controlador sobre protocolo... • https://github.com/yanissec/CVE-2018-7848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 2CVE-2018-7843
https://notcve.org/view.php?id=CVE-2018-7843
22 May 2019 — A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. CWE-248: Existe una vulnerabilidad de Excepción no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podría generar una Denegación de Servicio cuando se lee bloques d... • https://github.com/yanissec/CVE-2018-7843 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 2CVE-2018-7849
https://notcve.org/view.php?id=CVE-2018-7849
22 May 2019 — A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. CWE-248: Existe una vulnerabilidad de Excepción no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podría generar una posible Denegación de Servicio debido a una comprobación de integridad... • https://github.com/yanissec/CVE-2018-7849 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.8EPSS: 38%CPEs: 8EXPL: 2CVE-2018-7846
https://notcve.org/view.php?id=CVE-2018-7846
22 May 2019 — A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. CWE-501: Existe una vulnerabilidad de violación de límite de confianza en la conexión al controlador, en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podría generar un acceso no... • https://github.com/yanissec/CVE-2018-7846 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.8EPSS: 0%CPEs: 41EXPL: 0CVE-2018-7851
https://notcve.org/view.php?id=CVE-2018-7851
22 May 2019 — CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability. CWE-119: Existe una vulnerabilidad de errores de búfer en Modicon M580 con firmware anterior a V2.50, Modicon M340 con firmware... • https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2019-6819
https://notcve.org/view.php?id=CVE-2019-6819
22 May 2019 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. Una CWE-754: Existe una vulnerabilidad de Comprobación Inapropiada para condiciones inusuales o excepcionales, que podría generar una posible Denega... • http://www.securityfocus.com/bid/109004 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6821
https://notcve.org/view.php?id=CVE-2019-6821
22 May 2019 — CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. Una CWE-330: Una vulnerabilidad de Uso Insuficientes de valores aleatorios, podría generar el secuestro de la conexión TCP cuando se utiliza el protocolo de comunicación Ethernet en Modicon M580 versiones de firmware anteriores a V2.30, ... • http://www.securityfocus.com/bid/108366 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 2CVE-2013-0663 – Schneider Electric PLCs - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-0663
04 Apr 2013 — Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. Vulnerabilidad CSRF en los módulos Schneider Electric Quantum 140NOE77111, 140NOE77101, y 140NWM10000; M340 BMXNOC0401, BMX... • https://packetstorm.news/files/id/147715 • CWE-352: Cross-Site Request Forgery (CSRF) •