Schneider-electric

Modicom M340 Firmware

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2018-7804

  • EPSS 0.2%
  • Veröffentlicht 17.12.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:46

A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.

7.5

CVE-2018-7812

  • EPSS 0.83%
  • Veröffentlicht 17.12.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:46

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information ...

7.5

CVE-2018-7833

  • EPSS 0.46%
  • Veröffentlicht 17.12.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:50

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request ...

9.8

CVE-2018-7809

Exploit
  • EPSS 1.98%
  • Veröffentlicht 30.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:46

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.

6.1

CVE-2018-7810

Exploit
  • EPSS 0.31%
  • Veröffentlicht 30.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:46

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScri...

9.8

CVE-2018-7811

Exploit
  • EPSS 1.59%
  • Veröffentlicht 30.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:46

An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server

7.5

CVE-2018-7830

Exploit
  • EPSS 2.67%
  • Veröffentlicht 30.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:50

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by send...

8.8

CVE-2018-7831

Exploit
  • EPSS 0.22%
  • Veröffentlicht 30.11.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:50

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a curr...