CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7759
https://notcve.org/view.php?id=CVE-2018-7759
18 Apr 2018 — A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied. Existe una vulnerabilidad de desbordamiento de búfer en Modicon M340, Modicon Premium, Modicon Quantum PLC y BMXNOR0200, de Schneider Electric. La vulnerabilidad de desbordamiento de búfer se provoca por el tamaño de la cadena de ... • https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7760
https://notcve.org/view.php?id=CVE-2018-7760
18 Apr 2018 — An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. Existe una vulnerabilidad de omisión de autenticación en Modicon M340, Modicon Premium, Modicon Quantum PLC y BMXNOR0200, de Schneider Electric. Las peticiones a funciones CGI permiten que usuarios maliciosos omitan la autorización. • https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7761
https://notcve.org/view.php?id=CVE-2018-7761
18 Apr 2018 — A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Existe una vulnerabilidad en Modicon M340, Modicon Premium, Modicon Quantum PLC y BMXNOR0200, de Schneider Electric, que podría permitir la ejecución de código arbitrario. • https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7762
https://notcve.org/view.php?id=CVE-2018-7762
18 Apr 2018 — A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow. Existe una vulnerabilidad en los servicios web que procesan peticiones SOAP en Modicon M340, Modicon Premium, Modicon Quantum PLC y BMXNOR0200, de Schneider Electric, que podría conducir a un desbordamiento de búfer. • https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 6%CPEs: 30EXPL: 0CVE-2017-6017
https://notcve.org/view.php?id=CVE-2017-6017
30 Jun 2017 — A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. Se ha descubierto un problema de agotamiento d... • http://www.securityfocus.com/bid/96414 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 4%CPEs: 13EXPL: 0CVE-2015-7937
https://notcve.org/view.php?id=CVE-2015-7937
21 Dec 2015 — Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. Desbordamiento de buffer basado en pila en GoAhead Web Server en dispositivos Schneider Electric Modicon M340 PLC BMXNOx y BMXPx permite a atacantes remotos ejecutar código arbitrario a través de una contraseña larga en los datos de HTTP Basic Authentication. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 146EXPL: 0CVE-2014-0754
https://notcve.org/view.php?id=CVE-2014-0754
03 Oct 2014 — Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Vulnerabil... • http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2013-2763
https://notcve.org/view.php?id=CVE-2013-2763
04 Apr 2013 — The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions. ** EN DISPUTA ** Los modulos Schneider Electric M340 PLC permite a atacantes remotos causar una denegación de servicios (consumo de recursos) a través de vectores no especificados. NOTA: El... • http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf • CWE-400: Uncontrolled Resource Consumption •