Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for modicon_m340_bmxp3420302cl_firmware by schneider-electric

    CVE-2023-6408 (GCVE-0-2023-6408)

    Vulnerability from nvd – Published: 2024-02-14 16:52 – Updated: 2024-08-02 08:28
    VLAI
    Summary
    CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric Modicon M340 CPU (part numbers BMXP34*) Affected: Versions prior to sv3.60
    Create a notification for this product.
    Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) Affected: Versions prior to sv4.20
    Create a notification for this product.
    Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) Affected: All Versions
    Create a notification for this product.
    Schneider Electric EcoStruxure Control Expert Affected: Versions prior to v16.0
    Create a notification for this product.
    Schneider Electric EcoStruxure Process Expert Affected: Versions prior to v2023
    Create a notification for this product.
    schneider-electric modicon_m580_bmep585040_firmware Affected: 0 , < 4.20 (custom)
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    schneider-electric modicon_m340_bmxp342030h_firmware Affected: 0 , < 3.60 (custom)
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    schneider-electric modicon_m580_bmeh586040s_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "modicon_m580_bmep585040_firmware",
                "vendor": "schneider-electric",
                "versions": [
                  {
                    "lessThan": "4.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "modicon_m340_bmxp342030h_firmware",
                "vendor": "schneider-electric",
                "versions": [
                  {
                    "lessThan": "3.60",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "modicon_m580_bmeh586040s_firmware",
                "vendor": "schneider-electric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T19:15:41.696437Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-17T19:36:47.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Modicon M340 CPU (part numbers BMXP34*)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to sv3.60"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to sv4.20"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EcoStruxure Control Expert",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to v16.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EcoStruxure Process Expert",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to v2023"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
                }
              ],
              "value": "\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-924",
                  "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-14T16:52:24.805Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2023-6408",
        "datePublished": "2024-02-14T16:52:24.805Z",
        "dateReserved": "2023-11-30T09:52:30.945Z",
        "dateUpdated": "2024-08-02T08:28:21.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7549 (GCVE-0-2020-7549)

    Vulnerability from nvd – Published: 2020-12-11 00:52 – Updated: 2026-05-28 21:05
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.948Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-7549",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T21:03:03.311251Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T21:05:18.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:26.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7549",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7549",
        "datePublished": "2020-12-11T00:52:26.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2026-05-28T21:05:18.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-7543 (GCVE-0-2020-7543)

    Vulnerability from nvd – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Affected: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:21.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7543",
        "datePublished": "2020-12-11T00:52:21.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7542 (GCVE-0-2020-7542)

    Vulnerability from nvd – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Affected: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:14.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7542",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7542",
        "datePublished": "2020-12-11T00:52:14.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7541 (GCVE-0-2020-7541)

    Vulnerability from nvd – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-425 - Direct Request ('Forced Browsing') vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-425",
                  "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:09.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7541",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7541",
        "datePublished": "2020-12-11T00:52:09.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7540 (GCVE-0-2020-7540)

    Vulnerability from nvd – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:03.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306: Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7540",
        "datePublished": "2020-12-11T00:52:03.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7539 (GCVE-0-2020-7539)

    Vulnerability from nvd – Published: 2020-12-11 00:51 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:51:57.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7539",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7539",
        "datePublished": "2020-12-11T00:51:57.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7537 (GCVE-0-2020-7537)

    Vulnerability from nvd – Published: 2020-12-11 00:51 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Affected: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.484Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:51:52.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7537",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7537",
        "datePublished": "2020-12-11T00:51:52.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7536 (GCVE-0-2020-7536)

    Vulnerability from nvd – Published: 2020-12-11 00:46 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions) Affected: Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.cse.iitk.ac.in/responsible-disclosure"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4,  BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4,  BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-14T12:56:47.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.cse.iitk.ac.in/responsible-disclosure"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4,  BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4,  BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.cse.iitk.ac.in/responsible-disclosure",
                  "refsource": "MISC",
                  "url": "https://security.cse.iitk.ac.in/responsible-disclosure"
                },
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7536",
        "datePublished": "2020-12-11T00:46:18.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7535 (GCVE-0-2020-7535)

    Vulnerability from nvd – Published: 2020-12-11 00:51 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:51:37.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7535",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7535",
        "datePublished": "2020-12-11T00:51:37.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7762 (GCVE-0-2018-7762)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0203
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:58.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7762",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7762",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:58.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7761 (GCVE-0-2018-7761)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbritrary Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0202
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:57.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbritrary Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbritrary Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7761",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:57.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7760 (GCVE-0-2018-7760)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0201
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0201"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authorization bypass vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7760",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0201"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authorization bypass vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7760",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7759 (GCVE-0-2018-7759)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:57.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7759",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:57.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7242 (GCVE-0-2018-7242)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
    Severity
    No CVSS data available.
    CWE
    • Vulnerable Hash Algorithms
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200 Affected: All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
              },
              {
                "name": "103543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Vulnerable Hash Algorithms",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-05T20:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
            },
            {
              "name": "103543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103543"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Vulnerable Hash Algorithms"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
                },
                {
                  "name": "103543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103543"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7242",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7241 (GCVE-0-2018-7241)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
    Severity
    No CVSS data available.
    CWE
    • Hard-coded accounts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200 Affected: All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
              },
              {
                "name": "103542",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103542"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hard coded accounts exist in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hard-coded accounts",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-05T20:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
            },
            {
              "name": "103542",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103542"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hard coded accounts exist in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Hard-coded accounts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
                },
                {
                  "name": "103542",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103542"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7241",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6408 (GCVE-0-2023-6408)

    Vulnerability from cvelistv5 – Published: 2024-02-14 16:52 – Updated: 2024-08-02 08:28
    VLAI
    Summary
    CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric Modicon M340 CPU (part numbers BMXP34*) Affected: Versions prior to sv3.60
    Create a notification for this product.
    Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) Affected: Versions prior to sv4.20
    Create a notification for this product.
    Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) Affected: All Versions
    Create a notification for this product.
    Schneider Electric EcoStruxure Control Expert Affected: Versions prior to v16.0
    Create a notification for this product.
    Schneider Electric EcoStruxure Process Expert Affected: Versions prior to v2023
    Create a notification for this product.
    schneider-electric modicon_m580_bmep585040_firmware Affected: 0 , < 4.20 (custom)
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    schneider-electric modicon_m340_bmxp342030h_firmware Affected: 0 , < 3.60 (custom)
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    schneider-electric modicon_m580_bmeh586040s_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "modicon_m580_bmep585040_firmware",
                "vendor": "schneider-electric",
                "versions": [
                  {
                    "lessThan": "4.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2010_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmx_p34-2030_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "modicon_m340_bmxp342030h_firmware",
                "vendor": "schneider-electric",
                "versions": [
                  {
                    "lessThan": "3.60",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "modicon_m580_bmeh586040s_firmware",
                "vendor": "schneider-electric",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6408",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T19:15:41.696437Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-17T19:36:47.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:28:21.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Modicon M340 CPU (part numbers BMXP34*)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to sv3.60"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to sv4.20"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EcoStruxure Control Expert",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to v16.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EcoStruxure Process Expert",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to v2023"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
                }
              ],
              "value": "\nCWE-924: Improper Enforcement of Message Integrity During Transmission in a\nCommunication Channel vulnerability exists that could cause a denial of service and loss of\nconfidentiality, integrity of controllers when conducting a Man in the Middle attack.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-924",
                  "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-14T16:52:24.805Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2023-6408",
        "datePublished": "2024-02-14T16:52:24.805Z",
        "dateReserved": "2023-11-30T09:52:30.945Z",
        "dateUpdated": "2024-08-02T08:28:21.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7549 (GCVE-0-2020-7549)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:52 – Updated: 2026-05-28 21:05
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.948Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-7549",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T21:03:03.311251Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T21:05:18.170Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:26.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7549",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7549",
        "datePublished": "2020-12-11T00:52:26.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2026-05-28T21:05:18.170Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-7543 (GCVE-0-2020-7543)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Affected: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:21.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7543",
        "datePublished": "2020-12-11T00:52:21.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7542 (GCVE-0-2020-7542)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Affected: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:14.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7542",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7542",
        "datePublished": "2020-12-11T00:52:14.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7541 (GCVE-0-2020-7541)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-425 - Direct Request ('Forced Browsing') vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-425",
                  "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:09.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7541",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7541",
        "datePublished": "2020-12-11T00:52:09.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7540 (GCVE-0-2020-7540)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:52 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:52:03.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7540",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306: Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7540",
        "datePublished": "2020-12-11T00:52:03.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7539 (GCVE-0-2020-7539)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:51 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:51:57.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7539",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7539",
        "datePublished": "2020-12-11T00:51:57.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7537 (GCVE-0-2020-7537)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:51 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions) Affected: Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.484Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:51:52.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7537",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum \u0026 Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7537",
        "datePublished": "2020-12-11T00:51:52.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7535 (GCVE-0-2020-7535)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:51 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) Affected: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.664Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-11T00:51:37.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7535",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7535",
        "datePublished": "2020-12-11T00:51:37.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.664Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7536 (GCVE-0-2020-7536)

    Vulnerability from cvelistv5 – Published: 2020-12-11 00:46 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.
    Severity
    No CVSS data available.
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions) Affected: Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.463Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.cse.iitk.ac.in/responsible-disclosure"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4,  BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4,  BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-14T12:56:47.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.cse.iitk.ac.in/responsible-disclosure"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4,  BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4,  BMXNOE0110 (H) versions prior to V6.6, and BMXNOR0200H all versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4 BMXNOE0110 (H) versions prior to V6.6 BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.cse.iitk.ac.in/responsible-disclosure",
                  "refsource": "MISC",
                  "url": "https://security.cse.iitk.ac.in/responsible-disclosure"
                },
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7536",
        "datePublished": "2020-12-11T00:46:18.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.463Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7242 (GCVE-0-2018-7242)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
    Severity
    No CVSS data available.
    CWE
    • Vulnerable Hash Algorithms
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200 Affected: All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
              },
              {
                "name": "103543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Vulnerable Hash Algorithms",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-05T20:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
            },
            {
              "name": "103543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103543"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Vulnerable Hash Algorithms"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
                },
                {
                  "name": "103543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103543"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7242",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7759 (GCVE-0-2018-7759)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:57.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7759",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:57.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7761 (GCVE-0-2018-7761)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbritrary Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0202
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:57.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbritrary Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbritrary Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7761",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:57.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7762 (GCVE-0-2018-7762)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0203
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:58.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7762",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7762",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:58.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }