30 results (0.003 seconds)

CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0

17 Jan 2025 — CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. Existe una vulnerabilidad de restricción inadecuada de referencia de entidad externa XML que podría causar la divulgación de información, afectar la integridad de la estación de trabajo y la posible ejecución ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0

22 Nov 2022 — A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24) Existe una vulnerabilidad CWE-269: Gestión de privilegios inadecuada que podría provocar una Den... • https://www.se.com/us/en/download/document/SEVD-2022-102-02 • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 1%CPEs: 28EXPL: 0

11 Feb 2022 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors w... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0

11 Feb 2022 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Q... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0

11 Feb 2022 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All V... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0

04 Feb 2022 — A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

11 Jun 2021 — A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module. Un CWE-787: Se presenta una vulnerabilidad de Exposición de Información Confidencial a un Actor No Autorizado en Modicon X80 BMXNOR0200H RTU versiones SV1.... • http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-05 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

11 Dec 2020 — A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP. Una CWE-754: Se presenta una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M340 CPUs ... • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

17 Sep 2019 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. Una CWE-754: Existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en el módulo BMXNOR0200H Ethernet/Serial RTU (todas las versiones de firmware) y el contro... • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

17 Sep 2019 — CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. CWE-284: Existe una vulnerabilidad de Control de Acceso Inapropiada en el módulo BMXNOR0200H Ethernet/Serial RTU (todas las versiones de firmware), lo que podría causar la ejecución de comandos por parte de usuarios no autorizados al utilizar el protocolo IEC 60870-5-104. • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-284: Improper Access Control •