CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2022-0222
https://notcve.org/view.php?id=CVE-2022-0222
22 Nov 2022 — A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs(BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules:BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RTU(BMXNOE* all versions)(BMXNOR* versions prior to v1.7 IR24) Existe una vulnerabilidad CWE-269: Gestión de privilegios inadecuada que podría provocar una Den... • https://www.se.com/us/en/download/document/SEVD-2022-102-02 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 1%CPEs: 28EXPL: 0CVE-2021-22788
https://notcve.org/view.php?id=CVE-2021-22788
11 Feb 2022 — A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors w... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-22787
https://notcve.org/view.php?id=CVE-2021-22787
11 Feb 2022 — A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Q... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2021-22785
https://notcve.org/view.php?id=CVE-2021-22785
11 Feb 2022 — A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All V... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-7534
https://notcve.org/view.php?id=CVE-2020-7534
04 Feb 2022 — A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2020-7536
https://notcve.org/view.php?id=CVE-2020-7536
11 Dec 2020 — A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP. Una CWE-754: Se presenta una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en Modicon M340 CPUs ... • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6813
https://notcve.org/view.php?id=CVE-2019-6813
17 Sep 2019 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. Una CWE-754: Existe una vulnerabilidad de Comprobación Inapropiada de Condiciones Inusuales o Excepcionales en el módulo BMXNOR0200H Ethernet/Serial RTU (todas las versiones de firmware) y el contro... • https://security.cse.iitk.ac.in/responsible-disclosure • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2015-6462
https://notcve.org/view.php?id=CVE-2015-6462
21 Mar 2019 — Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. Cross-Site Scripting (XSS) reflejado (no persistente) permite que un atacante manipule una URL específica, que contiene JavaScript que se ejecutará en el navegador del cliente P... • https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2015-6461
https://notcve.org/view.php?id=CVE-2015-6461
21 Mar 2019 — Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. La inclusión de archivos remotos permite que un atacante manipule una URL específica que referencia al servidor web PLC de Mo... • https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02 • CWE-20: Improper Input Validation CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 120EXPL: 0CVE-2018-7242
https://notcve.org/view.php?id=CVE-2018-7242
18 Apr 2018 — Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. Existen algoritmos de hash vulnerables en los controladores Modicon Premium, Modicon Quantum, Modicon M340 y BMXNOR0200, de Schneider Electric, en todas las versiones de los módulos de comunicación. El algoritmo empleado para cifrar la contraseña es... • http://www.securityfocus.com/bid/103543 • CWE-326: Inadequate Encryption Strength •