CVSS: 9.8EPSS: 0%CPEs: 108EXPL: 0CVE-2022-45788
https://notcve.org/view.php?id=CVE-2022-45788
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 96EXPL: 0CVE-2022-37301
https://notcve.org/view.php?id=CVE-2022-37301
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) Existe una vulnerabilidad CWE-191: Integer Underflow (Wrap o Wraparound) que podría causar una Denegación de Servicio (DoS) del controlador debido a violaciones de acceso a la memoria cuando se utiliza el protocolo Modbus TCP. Productos afectados: CPU Modicon M340 (números de pieza BMXP34*)(V3.40 y anteriores), CPU Modicon M580 (números de pieza BMEP* y BMEH*)(V3.22 y anteriores), Modicon Quantum/Premium heredado (todas las versiones), Modicon Momentum MDI (171CBU*)(todas las versiones), Modicon MC80 (BMKC80)(V1.7 y anteriores) • https://www.se.com/us/en/download/document/SEVD-2022-221-02 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-22788
https://notcve.org/view.php?id=CVE-2021-22788
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) Una CWE-787: Se presenta una vulnerabilidad de Escritura Fuera de Límites que podría causar una denegación de servicio cuando un atacante envía una petición HTTP especialmente diseñada al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), Módulos de Comunicación Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), Módulos de comunicación Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), Módulos de comunicación Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-22787
https://notcve.org/view.php?id=CVE-2021-22787
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) Una CWE-20: Se presenta una vulnerabilidad de Comprobación de Entrada Inapropiada que podría causar una denegación de servicio del dispositivo cuando un atacante envía una petición HTTP especialmente diseñada al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), Módulos de Comunicación Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), Módulos de comunicación Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), Módulos de comunicación Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-22785
https://notcve.org/view.php?id=CVE-2021-22785
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) Una CWE-200: Se presenta una vulnerabilidad de Exposición de Información que podría causar un filtrado de información confidencial de archivos ubicados en el directorio root de la web cuando un atacante envía una petición HTTP al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), Módulos de Comunicación Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), Módulos de comunicación Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), Módulos de comunicación Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •