CVSS: 10.0EPSS: 0%CPEs: 108EXPL: 0CVE-2022-45788
https://notcve.org/view.php?id=CVE-2022-45788
30 Jan 2023 — A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers B... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 96EXPL: 0CVE-2022-37301
https://notcve.org/view.php?id=CVE-2022-37301
22 Nov 2022 — A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) Existe una vulnerabilidad CWE-191: Integer Un... • https://www.se.com/us/en/download/document/SEVD-2022-221-02 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2021-22792
https://notcve.org/view.php?id=CVE-2021-22792
02 Sep 2021 — A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including ... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 49EXPL: 0CVE-2021-22791
https://notcve.org/view.php?id=CVE-2021-22791
02 Sep 2021 — A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all U... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 49EXPL: 0CVE-2021-22790
https://notcve.org/view.php?id=CVE-2021-22790
02 Sep 2021 — A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Un... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 49EXPL: 0CVE-2021-22789
https://notcve.org/view.php?id=CVE-2021-22789
02 Sep 2021 — A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simula... • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 40EXPL: 0CVE-2020-7562
https://notcve.org/view.php?id=CVE-2020-7562
18 Nov 2020 — A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP. CWE-125: Una vulnerabilidad Lectura Fuera de Límites se presenta en el Servidor Web en las ofertas Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de Comunicación (... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 40EXPL: 0CVE-2020-7564
https://notcve.org/view.php?id=CVE-2020-7564
18 Nov 2020 — A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. CWE-120: Una vulnerabilidad de Copia de búfer sin Comprobar el Tamaño de la Entrada ("Classic Buffer Overflow") se presenta en el Se... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 1%CPEs: 40EXPL: 0CVE-2020-7563
https://notcve.org/view.php?id=CVE-2020-7563
18 Nov 2020 — A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. CWE-787: Una vulnerabilidad de escritura fuera de límites se presenta en el Servidor Web de unas ofertas de Modicon M340, Modicon Quantum y Modicon Premium Legacy y sus Módulos de... • https://www.se.com/ww/en/download/document/SEVD-2020-315-01 • CWE-787: Out-of-bounds Write •