CVE-2021-22786
https://notcve.org/view.php?id=CVE-2021-22786
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions) • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-37301
https://notcve.org/view.php?id=CVE-2022-37301
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) Existe una vulnerabilidad CWE-191: Integer Underflow (Wrap o Wraparound) que podría causar una Denegación de Servicio (DoS) del controlador debido a violaciones de acceso a la memoria cuando se utiliza el protocolo Modbus TCP. Productos afectados: CPU Modicon M340 (números de pieza BMXP34*)(V3.40 y anteriores), CPU Modicon M580 (números de pieza BMEP* y BMEH*)(V3.22 y anteriores), Modicon Quantum/Premium heredado (todas las versiones), Modicon Momentum MDI (171CBU*)(todas las versiones), Modicon MC80 (BMKC80)(V1.7 y anteriores) • https://www.se.com/us/en/download/document/SEVD-2022-221-02 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2019-6855
https://notcve.org/view.php?id=CVE-2019-6855
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controllers. Existe una vulnerabilidad de Autorización Incorrecta en EcoStruxure Control Expert (todas las versiones anteriores a la 14.1 Hot Fix), Unity Pro (todas las versiones), Modicon M340 (todas las versiones anteriores a la V3.20) , y Modicon M580 (todas las versiones anteriores a la V3.10), que podría causar un bypass del proceso de autenticación entre EcoStruxure Control Expert y los controladores M340 y M580 • https://www.se.com/ww/en/download/document/SEVD-2019-344-02 • CWE-863: Incorrect Authorization •
CVE-2018-7838
https://notcve.org/view.php?id=CVE-2018-7838
A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service. Una CWE-119: Existe una vulnerabilidad de Errores de Búfer en la CPU M580 - BMEP582040 de Modicon , todas las versiones anteriores a la V2.90, y el módulo Ethernet BMENOC0301 de Modicon, todas las versiones anteriores a la V2.16, lo que podría causar la denegación de servicio en el servicio FTP del controlador o Módulo Ethernet BMENOC cuando recibe un comando CWD de FTP con una longitud de datos superior a 1020 bytes. Se necesita entonces un ciclo de energía para reactivar el servicio FTP. • https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-190-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •