CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-7536
https://notcve.org/view.php?id=CVE-2020-7536
11 Dec 2020 — A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP. Una CWE-754: Se presenta una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M340 CPUs ... • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.8EPSS: 0%CPEs: 34EXPL: 0CVE-2020-7533
https://notcve.org/view.php?id=CVE-2020-7533
01 Dec 2020 — A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. Una CWE-255: Se presenta una vulnerabilidad Administración de Credenciales en el Servidor Web en Modicon M340, Modicon Quantum y ofertas ModiconPremium Legacy y su... • https://www.se.com/ww/en/download/document/SEVD-2020-287-01 • CWE-255: Credentials Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 40EXPL: 0CVE-2020-7562
https://notcve.org/view.php?id=CVE-2020-7562
18 Nov 2020 — A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. CWE-125: Una vulnerabilidad Lectura Fuera de Límites se presenta en el Servidor Web en las ofertas Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de Comunicación (... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 40EXPL: 0CVE-2020-7564
https://notcve.org/view.php?id=CVE-2020-7564
18 Nov 2020 — A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. CWE-120: Una vulnerabilidad de Copia de búfer sin Comprobar el Tamaño de la Entrada ("Classic Buffer Overflow") se presenta en el Se... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 1%CPEs: 40EXPL: 0CVE-2020-7563
https://notcve.org/view.php?id=CVE-2020-7563
18 Nov 2020 — A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. CWE-787: Una vulnerabilidad de escritura fuera de límites se presenta en el Servidor Web de unas ofertas de Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-7475
https://notcve.org/view.php?id=CVE-2020-7475
23 Mar 2020 — A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller. Una CWE-74: Una Neutralización Inapropiada de Elementos Especiales en la Salida Usada por un C... • http://www.se.com/ww/en/download/document/SEVD-2020-080-01 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2018-7794
https://notcve.org/view.php?id=CVE-2018-7794
06 Jan 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP. CWE-754: Existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad para versiones e... • https://www.se.com/ww/en/download/document/SEVD-2019-344-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2019-6857
https://notcve.org/view.php?id=CVE-2019-6857
06 Jan 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. CWE-754: Hay una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad pa... • https://www.se.com/ww/en/download/document/SEVD-2019-344-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0CVE-2019-6856
https://notcve.org/view.php?id=CVE-2019-6856
06 Jan 2020 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. CWE-754: existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (véase la notificación de seguridad para ver... • https://www.se.com/ww/en/download/document/SEVD-2019-344-01 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2019-6855
https://notcve.org/view.php?id=CVE-2019-6855
06 Jan 2020 — Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. Existe una vulnerabilidad de Autorización Incorrecta en EcoStruxure Control Expert (todas las versiones anteriores a la 14.1 Hot Fix), Unity Pro (todas l... • https://www.se.com/ww/en/download/document/SEVD-2019-344-02 • CWE-863: Incorrect Authorization •