CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7762
https://notcve.org/view.php?id=CVE-2018-7762
18 Apr 2018 — A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow. Existe una vulnerabilidad en los servicios web que procesan peticiones SOAP en Modicon M340, Modicon Premium, Modicon Quantum PLC y BMXNOR0200, de Schneider Electric, que podría conducir a un desbordamiento de búfer. • https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 6%CPEs: 30EXPL: 0CVE-2017-6017
https://notcve.org/view.php?id=CVE-2017-6017
30 Jun 2017 — A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. Se ha descubierto un problema de agotamiento d... • http://www.securityfocus.com/bid/96414 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 4%CPEs: 13EXPL: 0CVE-2015-7937
https://notcve.org/view.php?id=CVE-2015-7937
21 Dec 2015 — Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. Desbordamiento de buffer basado en pila en GoAhead Web Server en dispositivos Schneider Electric Modicon M340 PLC BMXNOx y BMXPx permite a atacantes remotos ejecutar código arbitrario a través de una contraseña larga en los datos de HTTP Basic Authentication. • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 146EXPL: 0CVE-2014-0754
https://notcve.org/view.php?id=CVE-2014-0754
03 Oct 2014 — Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Vulnerabil... • http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2761
https://notcve.org/view.php?id=CVE-2013-2761
04 Apr 2013 — The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. Los módulos Schneider Electric M340 BMXNOE01xx y BMXP3420xx PLC, permite a usuarios autenticados remotamente provocar una denegación de servicio (caída de módulo) a través de tráfico FTP manipulado, como se ha demostrado a través del cliente Filezilla FTP. • http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2013-2763
https://notcve.org/view.php?id=CVE-2013-2763
04 Apr 2013 — The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions. ** EN DISPUTA ** Los modulos Schneider Electric M340 PLC permite a atacantes remotos causar una denegación de servicios (consumo de recursos) a través de vectores no especificados. NOTA: El... • http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 2CVE-2013-0663 – Schneider Electric PLCs - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-0663
04 Apr 2013 — Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. Vulnerabilidad CSRF en los módulos Schneider Electric Quantum 140NOE77111, 140NOE77101, y 140NWM10000; M340 BMXNOC0401, BMX... • https://packetstorm.news/files/id/147715 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-0664
https://notcve.org/view.php?id=CVE-2013-0664
04 Apr 2013 — The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. El servicio FactoryCast en los módulos Electric Quantum 140NOE77111 y 140NWM10000, M340 BMXNOE0110x, y Premium TSXETY5103 PLC , permite a usuarios autenticados remotamente el envío de mensajes Modbus, y por consiguie... • http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf •