Schneider-electric

Modicon M580 Bmep582040s Firmware

8 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2023-6408

  • EPSS 0.16%
  • Published 14.02.2024 17:15:11
  • Last modified 23.01.2025 19:39:42

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle att...

7.5

CVE-2021-22786

  • EPSS 0.18%
  • Published 01.02.2023 04:15:08
  • Last modified 21.11.2024 05:50:39

A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP...

9.8

CVE-2022-45789

  • EPSS 0.06%
  • Published 31.01.2023 06:15:07
  • Last modified 21.11.2024 07:29:43

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All V...

9.8

CVE-2022-45788

  • EPSS 0.29%
  • Published 30.01.2023 13:15:09
  • Last modified 21.11.2024 07:29:43

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Aff...

7.5

CVE-2022-37301

  • EPSS 0.33%
  • Published 22.11.2022 12:15:09
  • Last modified 21.11.2024 07:14:42

A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34...

9.1

CVE-2021-22779

  • EPSS 0.12%
  • Published 14.07.2021 15:15:08
  • Last modified 21.11.2024 05:50:38

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all...

7.5

CVE-2019-6855

  • EPSS 0.19%
  • Published 06.01.2020 23:15:11
  • Last modified 21.11.2024 04:47:17

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause ...

7.8

CVE-2018-7838

  • EPSS 0.37%
  • Published 15.07.2019 21:15:10
  • Last modified 21.11.2024 04:12:51

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or t...