CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 2CVE-2018-7849
https://notcve.org/view.php?id=CVE-2018-7849
22 May 2019 — A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. CWE-248: Existe una vulnerabilidad de Excepción no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podría generar una posible Denegación de Servicio debido a una comprobación de integridad... • https://github.com/yanissec/CVE-2018-7849 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.8EPSS: 38%CPEs: 8EXPL: 2CVE-2018-7846
https://notcve.org/view.php?id=CVE-2018-7846
22 May 2019 — A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller. CWE-501: Existe una vulnerabilidad de violación de límite de confianza en la conexión al controlador, en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podría generar un acceso no... • https://github.com/yanissec/CVE-2018-7846 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.8EPSS: 0%CPEs: 41EXPL: 0CVE-2018-7851
https://notcve.org/view.php?id=CVE-2018-7851
22 May 2019 — CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability. CWE-119: Existe una vulnerabilidad de errores de búfer en Modicon M580 con firmware anterior a V2.50, Modicon M340 con firmware... • https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6816
https://notcve.org/view.php?id=CVE-2019-6816
22 May 2019 — In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. En todas las versiones de firmware Modicon Quantum, una CWE-94: Vulnerabilidad de Inyección de Código, podría generar una modificación de firmware no autorizada con una posible Denegación de Servicio al utilizar protocolo Modbus. • https://www.schneider-electric.com/en/download/document/SEVD-2019-134-09 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6815
https://notcve.org/view.php?id=CVE-2019-6815
22 May 2019 — In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol. En todas las versiones de firmware Modicon Quantum, una CWE-264: Vulnerabilidades de Permisos, Privilegios y Control de Acceso, podrían generar una Denegación de Servicio o modificaciones no autorizadas de la configuración del PLC cuando se utiliza protocolo Ethernet/IP. • https://www.schneider-electric.com/en/download/document/SEVD-2019-134-09 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7788
https://notcve.org/view.php?id=CVE-2018-7788
22 May 2019 — A CWE-255 Credentials Management vulnerability exists in Modicon Quantum with firmware versions prior to V2.40. which could cause a Denial Of Service when using a Telnet connection. CWE-255: Existe una vulnerabilidad de Administración de Credenciales en Modicon Quantum con versiones de firmware anteriores a la V2.40, que podría generar una Denegación de Servicio al utilizar una conexión Telnet. • https://www.schneider-electric.com/en/download/document/SEVD-2019-134-08 • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7834
https://notcve.org/view.php?id=CVE-2018-7834
22 May 2019 — A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user. CWE-79: Existe una vulnerabilidad tipo Cross-Site Scripting en todas las versiones de TSXETG100, que permite a un atacante enviar una URL especialmente creada con un script integrado a un usuario que luego se ejecutaría dentro del contexto de ese usuario. • https://www.schneider-electric.com/en/download/document/SEVD-2019-134-07 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6812
https://notcve.org/view.php?id=CVE-2019-6812
22 May 2019 — A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol. Una CWE-798: Una vulnerabilidad de uso de credenciales codificadas en BMX-NOR-0200H con versiones de firmware anteriores a V1.7 IR 19, podría generar un problema de confidencialidad cuando se usa protocolo FTP. • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2019-6819
https://notcve.org/view.php?id=CVE-2019-6819
22 May 2019 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. Una CWE-754: Existe una vulnerabilidad de Comprobación Inapropiada para condiciones inusuales o excepcionales, que podría generar una posible Denega... • http://www.securityfocus.com/bid/109004 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6821
https://notcve.org/view.php?id=CVE-2019-6821
22 May 2019 — CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. Una CWE-330: Una vulnerabilidad de Uso Insuficientes de valores aleatorios, podría generar el secuestro de la conexión TCP cuando se utiliza el protocolo de comunicación Ethernet en Modicon M580 versiones de firmware anteriores a V2.30, ... • http://www.securityfocus.com/bid/108366 • CWE-330: Use of Insufficiently Random Values •