Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for tsxp574634m_firmware by schneider-electric

    CVE-2020-7477 (GCVE-0-2020-7477)

    Vulnerability from nvd – Published: 2020-03-23 19:14 – Updated: 2026-05-28 20:19
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions) Affected: Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:18.651Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-7477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T20:19:17.040046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T20:19:32.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T19:14:31.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7477",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/",
                  "refsource": "MISC",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7477",
        "datePublished": "2020-03-23T19:14:31.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2026-05-28T20:19:32.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-6857 (GCVE-0-2019-6857)

    Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:41
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) Affected: Modicon M580
    Affected: Modicon M340
    Affected: Modicon Quantum
    Affected: Modicon Premium (see security notification for specific versions)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.438Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-6857",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:39:16.673211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:41:14.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580"
                },
                {
                  "status": "affected",
                  "version": "Modicon M340"
                },
                {
                  "status": "affected",
                  "version": "Modicon Quantum"
                },
                {
                  "status": "affected",
                  "version": "Modicon Premium (see security notification for specific versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-21T23:03:43.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6857",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580"
                              },
                              {
                                "version_value": "Modicon M340"
                              },
                              {
                                "version_value": "Modicon Quantum"
                              },
                              {
                                "version_value": "Modicon Premium (see security notification for specific versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6857",
        "datePublished": "2020-01-06T22:57:05.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:41:14.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-6856 (GCVE-0-2019-6856)

    Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:37
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) Affected: Modicon M580
    Affected: Modicon M340
    Affected: Modicon Quantum
    Affected: Modicon Premium (see security notification for specific versions)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-6856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:36:59.205058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:37:57.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580"
                },
                {
                  "status": "affected",
                  "version": "Modicon M340"
                },
                {
                  "status": "affected",
                  "version": "Modicon Quantum"
                },
                {
                  "status": "affected",
                  "version": "Modicon Premium (see security notification for specific versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-21T23:04:36.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6856",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580"
                              },
                              {
                                "version_value": "Modicon M340"
                              },
                              {
                                "version_value": "Modicon Quantum"
                              },
                              {
                                "version_value": "Modicon Premium (see security notification for specific versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6856",
        "datePublished": "2020-01-06T22:57:02.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:37:57.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7794 (GCVE-0-2018-7794)

    Vulnerability from nvd – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:05
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) Affected: Modicon M580
    Affected: Modicon M340
    Affected: Modicon Quantum
    Affected: Modicon Premium (see security notification for specific versions)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:04:08.954870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:05:11.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580"
                },
                {
                  "status": "affected",
                  "version": "Modicon M340"
                },
                {
                  "status": "affected",
                  "version": "Modicon Quantum"
                },
                {
                  "status": "affected",
                  "version": "Modicon Premium (see security notification for specific versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-06T22:57:09.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7794",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580"
                              },
                              {
                                "version_value": "Modicon M340"
                              },
                              {
                                "version_value": "Modicon Quantum"
                              },
                              {
                                "version_value": "Modicon Premium (see security notification for specific versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7794",
        "datePublished": "2020-01-06T22:57:09.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:05:11.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7762 (GCVE-0-2018-7762)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0203
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:58.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7762",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7762",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:58.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7761 (GCVE-0-2018-7761)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbritrary Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0202
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:57.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbritrary Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbritrary Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7761",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:57.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7760 (GCVE-0-2018-7760)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0201
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0201"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authorization bypass vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7760",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0201"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authorization bypass vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7760",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7759 (GCVE-0-2018-7759)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:57.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7759",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:57.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7242 (GCVE-0-2018-7242)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
    Severity
    No CVSS data available.
    CWE
    • Vulnerable Hash Algorithms
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200 Affected: All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
              },
              {
                "name": "103543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Vulnerable Hash Algorithms",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-05T20:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
            },
            {
              "name": "103543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103543"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Vulnerable Hash Algorithms"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
                },
                {
                  "name": "103543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103543"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7242",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7241 (GCVE-0-2018-7241)

    Vulnerability from nvd – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
    Severity
    No CVSS data available.
    CWE
    • Hard-coded accounts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200 Affected: All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
              },
              {
                "name": "103542",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103542"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hard coded accounts exist in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hard-coded accounts",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-05T20:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
            },
            {
              "name": "103542",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103542"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hard coded accounts exist in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Hard-coded accounts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
                },
                {
                  "name": "103542",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103542"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7241",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0754 (GCVE-0-2014-0754)

    Vulnerability from nvd – Published: 2014-10-03 18:00 – Updated: 2025-08-25 23:45
    VLAI
    Title
    Schneider Electric
    Summary
    Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric Ethernet modules for M340, Quantum and Premium PLC ranges Affected: 140CPU65150
    Affected: 140CPU65160
    Affected: 140CPU65260
    Affected: 140NOC77100
    Affected: 140NOC78000
    Affected: 140NOC78100
    Affected: 140NOE77100
    Affected: 140NOE77101
    Affected: 140NOE77101C
    Affected: 140NOE77110
    Affected: 140NOE77111
    Affected: 140NOE77111C
    Affected: 140NWM10000
    Affected: 170ENT11001
    Affected: 170ENT11002
    Affected: 170ENT11002C
    Affected: 171CCC96020
    Affected: 171CCC96020C
    Affected: 171CCC96030
    Affected: 171CCC96030C
    Affected: 171CCC98020
    Affected: 171CCC98030
    Affected: BMXNOC0401
    Affected: BMXNOC0402
    Affected: BMXNOE0100
    Affected: BMXNOE0110
    Affected: BMXNOE0110H
    Affected: BMXNOR0200H
    Affected: BMXP342020
    Affected: BMXP342020H
    Affected: BMXP342030
    Affected: BMXP3420302
    Affected: BMXP3420302H
    Affected: BMXP342030H
    Affected: BMXPRMxxxx
    Affected: STBNIC2212
    Affected: STBNIP2212
    Affected: TSXETC0101
    Affected: TSXETC100
    Affected: TSXETY110WS
    Affected: TSXETY110WSC
    Affected: TSXETY4103
    Affected: TSXETY4103C
    Affected: TSXETY5103
    Affected: TSXETY5103C
    Affected: TSXETZ410
    Affected: TSXETZ510
    Affected: TSXNTP100
    Affected: TSXP572623M
    Affected: TSXP572623MC
    Affected: TSXP572823M
    Affected: TSXP572823MC
    Affected: TSXP573623AM
    Affected: TSXP573623M
    Affected: TSXP573623MC
    Affected: TSXP574634M
    Affected: TSXP574823AM
    Affected: TSXP574823M
    Affected: TSXP574823MC
    Affected: TSXP575634M
    Affected: TSXP576634M
    Affected: TSXWMY100
    Affected: TSXWMY100C
    Affected: TSXP571634M
    Affected: TSXP572634M
    Affected: TSXP573634M
    Create a notification for this product.
    Date Public
    2014-09-30 06:00
    Credits
    Billy Rios
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:19.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70193"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet modules for M340, Quantum and Premium PLC ranges",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "140CPU65150"
                },
                {
                  "status": "affected",
                  "version": "140CPU65160"
                },
                {
                  "status": "affected",
                  "version": "140CPU65260"
                },
                {
                  "status": "affected",
                  "version": "140NOC77100"
                },
                {
                  "status": "affected",
                  "version": "140NOC78000"
                },
                {
                  "status": "affected",
                  "version": "140NOC78100"
                },
                {
                  "status": "affected",
                  "version": "140NOE77100"
                },
                {
                  "status": "affected",
                  "version": "140NOE77101"
                },
                {
                  "status": "affected",
                  "version": "140NOE77101C"
                },
                {
                  "status": "affected",
                  "version": "140NOE77110"
                },
                {
                  "status": "affected",
                  "version": "140NOE77111"
                },
                {
                  "status": "affected",
                  "version": "140NOE77111C"
                },
                {
                  "status": "affected",
                  "version": "140NWM10000"
                },
                {
                  "status": "affected",
                  "version": "170ENT11001"
                },
                {
                  "status": "affected",
                  "version": "170ENT11002"
                },
                {
                  "status": "affected",
                  "version": "170ENT11002C"
                },
                {
                  "status": "affected",
                  "version": "171CCC96020"
                },
                {
                  "status": "affected",
                  "version": "171CCC96020C"
                },
                {
                  "status": "affected",
                  "version": "171CCC96030"
                },
                {
                  "status": "affected",
                  "version": "171CCC96030C"
                },
                {
                  "status": "affected",
                  "version": "171CCC98020"
                },
                {
                  "status": "affected",
                  "version": "171CCC98030"
                },
                {
                  "status": "affected",
                  "version": "BMXNOC0401"
                },
                {
                  "status": "affected",
                  "version": "BMXNOC0402"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0100"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0110"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0110H"
                },
                {
                  "status": "affected",
                  "version": "BMXNOR0200H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342020"
                },
                {
                  "status": "affected",
                  "version": "BMXP342020H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342030"
                },
                {
                  "status": "affected",
                  "version": "BMXP3420302"
                },
                {
                  "status": "affected",
                  "version": "BMXP3420302H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342030H"
                },
                {
                  "status": "affected",
                  "version": "BMXPRMxxxx"
                },
                {
                  "status": "affected",
                  "version": "STBNIC2212"
                },
                {
                  "status": "affected",
                  "version": "STBNIP2212"
                },
                {
                  "status": "affected",
                  "version": "TSXETC0101"
                },
                {
                  "status": "affected",
                  "version": "TSXETC100"
                },
                {
                  "status": "affected",
                  "version": "TSXETY110WS"
                },
                {
                  "status": "affected",
                  "version": "TSXETY110WSC"
                },
                {
                  "status": "affected",
                  "version": "TSXETY4103"
                },
                {
                  "status": "affected",
                  "version": "TSXETY4103C"
                },
                {
                  "status": "affected",
                  "version": "TSXETY5103"
                },
                {
                  "status": "affected",
                  "version": "TSXETY5103C"
                },
                {
                  "status": "affected",
                  "version": "TSXETZ410"
                },
                {
                  "status": "affected",
                  "version": "TSXETZ510"
                },
                {
                  "status": "affected",
                  "version": "TSXNTP100"
                },
                {
                  "status": "affected",
                  "version": "TSXP572623M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572623MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP572823M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572823MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623AM"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623M"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP574634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823AM"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823M"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP575634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP576634M"
                },
                {
                  "status": "affected",
                  "version": "TSXWMY100"
                },
                {
                  "status": "affected",
                  "version": "TSXWMY100C"
                },
                {
                  "status": "affected",
                  "version": "TSXP571634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP573634M"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Billy Rios"
            }
          ],
          "datePublic": "2014-09-30T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDirectory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.\u003c/p\u003e"
                }
              ],
              "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-25T23:45:03.684Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "70193",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70193"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
            },
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\u003c/a\u003e. for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\u003c/p\u003e\u003cp\u003eThis vulnerability disclosure can be downloaded at the following URL:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/\"\u003ehttp://www.schneider-electric.com/ww/en/download/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Please see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01 . for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\n\nThis vulnerability disclosure can be downloaded at the following URL:\u00a0 http://www.schneider-electric.com/ww/en/download/"
            }
          ],
          "source": {
            "advisory": "ICSA-14-273-01",
            "discovery": "EXTERNAL"
          },
          "title": "Schneider Electric",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSearch downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\u003c/p\u003e\n\u003cp\u003eSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\u003c/li\u003e\n\u003cli\u003eDisable Port 80 (HTTP) on modules where it is possible.\u003c/li\u003e\n\u003cli\u003eBlock Port 80 in firewalls to these devices, except for trusted devices.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease contact Schneider Electric Customer Care Center for more information.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Search downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\n\n\nSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\n\n\n\n  *  Use a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\n\n  *  Disable Port 80 (HTTP) on modules where it is possible.\n\n  *  Block Port 80 in firewalls to these devices, except for trusted devices.\n\n\n\n\nPlease contact Schneider Electric Customer Care Center for more information."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-0754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70193",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70193"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
                },
                {
                  "name": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-0754",
        "datePublished": "2014-10-03T18:00:00.000Z",
        "dateReserved": "2014-01-02T00:00:00.000Z",
        "dateUpdated": "2025-08-25T23:45:03.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7477 (GCVE-0-2020-7477)

    Vulnerability from cvelistv5 – Published: 2020-03-23 19:14 – Updated: 2026-05-28 20:19
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions) Affected: Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet – 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:18.651Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-7477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-28T20:19:17.040046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T20:19:32.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T19:14:31.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7477",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/",
                  "refsource": "MISC",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7477",
        "datePublished": "2020-03-23T19:14:31.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2026-05-28T20:19:32.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7794 (GCVE-0-2018-7794)

    Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:05
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) Affected: Modicon M580
    Affected: Modicon M340
    Affected: Modicon Quantum
    Affected: Modicon Premium (see security notification for specific versions)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-7794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:04:08.954870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:05:11.611Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580"
                },
                {
                  "status": "affected",
                  "version": "Modicon M340"
                },
                {
                  "status": "affected",
                  "version": "Modicon Quantum"
                },
                {
                  "status": "affected",
                  "version": "Modicon Premium (see security notification for specific versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-06T22:57:09.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7794",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580"
                              },
                              {
                                "version_value": "Modicon M340"
                              },
                              {
                                "version_value": "Modicon Quantum"
                              },
                              {
                                "version_value": "Modicon Premium (see security notification for specific versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7794",
        "datePublished": "2020-01-06T22:57:09.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:05:11.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-6857 (GCVE-0-2019-6857)

    Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:41
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) Affected: Modicon M580
    Affected: Modicon M340
    Affected: Modicon Quantum
    Affected: Modicon Premium (see security notification for specific versions)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.438Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-6857",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:39:16.673211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:41:14.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580"
                },
                {
                  "status": "affected",
                  "version": "Modicon M340"
                },
                {
                  "status": "affected",
                  "version": "Modicon Quantum"
                },
                {
                  "status": "affected",
                  "version": "Modicon Premium (see security notification for specific versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-21T23:03:43.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6857",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580"
                              },
                              {
                                "version_value": "Modicon M340"
                              },
                              {
                                "version_value": "Modicon Quantum"
                              },
                              {
                                "version_value": "Modicon Premium (see security notification for specific versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6857",
        "datePublished": "2020-01-06T22:57:05.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:41:14.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-6856 (GCVE-0-2019-6856)

    Vulnerability from cvelistv5 – Published: 2020-01-06 22:57 – Updated: 2026-05-29 14:37
    VLAI
    Summary
    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) Affected: Modicon M580
    Affected: Modicon M340
    Affected: Modicon Quantum
    Affected: Modicon Premium (see security notification for specific versions)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-6856",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T14:36:59.205058Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T14:37:57.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modicon M580"
                },
                {
                  "status": "affected",
                  "version": "Modicon M340"
                },
                {
                  "status": "affected",
                  "version": "Modicon Quantum"
                },
                {
                  "status": "affected",
                  "version": "Modicon Premium (see security notification for specific versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-21T23:04:36.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6856",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M580, Modicon M340, Modicon Quantum,  Modicon Premium (see security notification for specific versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Modicon M580"
                              },
                              {
                                "version_value": "Modicon M340"
                              },
                              {
                                "version_value": "Modicon Quantum"
                              },
                              {
                                "version_value": "Modicon Premium (see security notification for specific versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6856",
        "datePublished": "2020-01-06T22:57:02.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2026-05-29T14:37:57.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-7242 (GCVE-0-2018-7242)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
    Severity
    No CVSS data available.
    CWE
    • Vulnerable Hash Algorithms
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200 Affected: All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.352Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
              },
              {
                "name": "103543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Vulnerable Hash Algorithms",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-05T20:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
            },
            {
              "name": "103543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103543"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Vulnerable Hash Algorithms"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
                },
                {
                  "name": "103543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103543"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7242",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7759 (GCVE-0-2018-7759)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:57.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7759",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7759",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:57.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7761 (GCVE-0-2018-7761)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Arbritrary Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0202
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:57.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbritrary Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7761",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0202",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0202"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbritrary Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7761",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:57.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7762 (GCVE-0-2018-7762)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • Buffer overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0203
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:58.095Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7762",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0203",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0203"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7762",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:58.095Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7760 (GCVE-0-2018-7760)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:37
    VLAI
    Summary
    An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201 Affected: All Modicon M340, Premium, Quantum PLCs and BMXNOR0201
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:37:59.111Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0201"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authorization bypass vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-18T19:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7760",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon M340, Modicon Premium, Modicon Quantum, BMXNOR0201",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All Modicon M340, Premium, Quantum PLCs and BMXNOR0201"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authorization bypass vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-02/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7760",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-03-08T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:37:59.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7241 (GCVE-0-2018-7241)

    Vulnerability from cvelistv5 – Published: 2018-04-18 20:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
    Severity
    No CVSS data available.
    CWE
    • Hard-coded accounts
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric SE Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200 Affected: All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
              },
              {
                "name": "103542",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103542"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
              "vendor": "Schneider Electric SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hard coded accounts exist in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hard-coded accounts",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-05T20:57:01.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
            },
            {
              "name": "103542",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103542"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2018-7241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Modicon Premium, Modicon Quantum, Modicon M340, BMXNOR0200",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of communication modules for Modicon Premium, Quantum, M340 and BMXNOR0200"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hard coded accounts exist in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Hard-coded accounts"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
                },
                {
                  "name": "103542",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103542"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-086-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2018-7241",
        "datePublished": "2018-04-18T20:00:00.000Z",
        "dateReserved": "2018-02-19T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0754 (GCVE-0-2014-0754)

    Vulnerability from cvelistv5 – Published: 2014-10-03 18:00 – Updated: 2025-08-25 23:45
    VLAI
    Title
    Schneider Electric
    Summary
    Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric Ethernet modules for M340, Quantum and Premium PLC ranges Affected: 140CPU65150
    Affected: 140CPU65160
    Affected: 140CPU65260
    Affected: 140NOC77100
    Affected: 140NOC78000
    Affected: 140NOC78100
    Affected: 140NOE77100
    Affected: 140NOE77101
    Affected: 140NOE77101C
    Affected: 140NOE77110
    Affected: 140NOE77111
    Affected: 140NOE77111C
    Affected: 140NWM10000
    Affected: 170ENT11001
    Affected: 170ENT11002
    Affected: 170ENT11002C
    Affected: 171CCC96020
    Affected: 171CCC96020C
    Affected: 171CCC96030
    Affected: 171CCC96030C
    Affected: 171CCC98020
    Affected: 171CCC98030
    Affected: BMXNOC0401
    Affected: BMXNOC0402
    Affected: BMXNOE0100
    Affected: BMXNOE0110
    Affected: BMXNOE0110H
    Affected: BMXNOR0200H
    Affected: BMXP342020
    Affected: BMXP342020H
    Affected: BMXP342030
    Affected: BMXP3420302
    Affected: BMXP3420302H
    Affected: BMXP342030H
    Affected: BMXPRMxxxx
    Affected: STBNIC2212
    Affected: STBNIP2212
    Affected: TSXETC0101
    Affected: TSXETC100
    Affected: TSXETY110WS
    Affected: TSXETY110WSC
    Affected: TSXETY4103
    Affected: TSXETY4103C
    Affected: TSXETY5103
    Affected: TSXETY5103C
    Affected: TSXETZ410
    Affected: TSXETZ510
    Affected: TSXNTP100
    Affected: TSXP572623M
    Affected: TSXP572623MC
    Affected: TSXP572823M
    Affected: TSXP572823MC
    Affected: TSXP573623AM
    Affected: TSXP573623M
    Affected: TSXP573623MC
    Affected: TSXP574634M
    Affected: TSXP574823AM
    Affected: TSXP574823M
    Affected: TSXP574823MC
    Affected: TSXP575634M
    Affected: TSXP576634M
    Affected: TSXWMY100
    Affected: TSXWMY100C
    Affected: TSXP571634M
    Affected: TSXP572634M
    Affected: TSXP573634M
    Create a notification for this product.
    Date Public
    2014-09-30 06:00
    Credits
    Billy Rios
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:19.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70193"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet modules for M340, Quantum and Premium PLC ranges",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "140CPU65150"
                },
                {
                  "status": "affected",
                  "version": "140CPU65160"
                },
                {
                  "status": "affected",
                  "version": "140CPU65260"
                },
                {
                  "status": "affected",
                  "version": "140NOC77100"
                },
                {
                  "status": "affected",
                  "version": "140NOC78000"
                },
                {
                  "status": "affected",
                  "version": "140NOC78100"
                },
                {
                  "status": "affected",
                  "version": "140NOE77100"
                },
                {
                  "status": "affected",
                  "version": "140NOE77101"
                },
                {
                  "status": "affected",
                  "version": "140NOE77101C"
                },
                {
                  "status": "affected",
                  "version": "140NOE77110"
                },
                {
                  "status": "affected",
                  "version": "140NOE77111"
                },
                {
                  "status": "affected",
                  "version": "140NOE77111C"
                },
                {
                  "status": "affected",
                  "version": "140NWM10000"
                },
                {
                  "status": "affected",
                  "version": "170ENT11001"
                },
                {
                  "status": "affected",
                  "version": "170ENT11002"
                },
                {
                  "status": "affected",
                  "version": "170ENT11002C"
                },
                {
                  "status": "affected",
                  "version": "171CCC96020"
                },
                {
                  "status": "affected",
                  "version": "171CCC96020C"
                },
                {
                  "status": "affected",
                  "version": "171CCC96030"
                },
                {
                  "status": "affected",
                  "version": "171CCC96030C"
                },
                {
                  "status": "affected",
                  "version": "171CCC98020"
                },
                {
                  "status": "affected",
                  "version": "171CCC98030"
                },
                {
                  "status": "affected",
                  "version": "BMXNOC0401"
                },
                {
                  "status": "affected",
                  "version": "BMXNOC0402"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0100"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0110"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0110H"
                },
                {
                  "status": "affected",
                  "version": "BMXNOR0200H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342020"
                },
                {
                  "status": "affected",
                  "version": "BMXP342020H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342030"
                },
                {
                  "status": "affected",
                  "version": "BMXP3420302"
                },
                {
                  "status": "affected",
                  "version": "BMXP3420302H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342030H"
                },
                {
                  "status": "affected",
                  "version": "BMXPRMxxxx"
                },
                {
                  "status": "affected",
                  "version": "STBNIC2212"
                },
                {
                  "status": "affected",
                  "version": "STBNIP2212"
                },
                {
                  "status": "affected",
                  "version": "TSXETC0101"
                },
                {
                  "status": "affected",
                  "version": "TSXETC100"
                },
                {
                  "status": "affected",
                  "version": "TSXETY110WS"
                },
                {
                  "status": "affected",
                  "version": "TSXETY110WSC"
                },
                {
                  "status": "affected",
                  "version": "TSXETY4103"
                },
                {
                  "status": "affected",
                  "version": "TSXETY4103C"
                },
                {
                  "status": "affected",
                  "version": "TSXETY5103"
                },
                {
                  "status": "affected",
                  "version": "TSXETY5103C"
                },
                {
                  "status": "affected",
                  "version": "TSXETZ410"
                },
                {
                  "status": "affected",
                  "version": "TSXETZ510"
                },
                {
                  "status": "affected",
                  "version": "TSXNTP100"
                },
                {
                  "status": "affected",
                  "version": "TSXP572623M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572623MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP572823M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572823MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623AM"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623M"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP574634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823AM"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823M"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP575634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP576634M"
                },
                {
                  "status": "affected",
                  "version": "TSXWMY100"
                },
                {
                  "status": "affected",
                  "version": "TSXWMY100C"
                },
                {
                  "status": "affected",
                  "version": "TSXP571634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP573634M"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Billy Rios"
            }
          ],
          "datePublic": "2014-09-30T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDirectory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.\u003c/p\u003e"
                }
              ],
              "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-25T23:45:03.684Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "70193",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70193"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
            },
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\u003c/a\u003e. for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\u003c/p\u003e\u003cp\u003eThis vulnerability disclosure can be downloaded at the following URL:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/\"\u003ehttp://www.schneider-electric.com/ww/en/download/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Please see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01 . for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\n\nThis vulnerability disclosure can be downloaded at the following URL:\u00a0 http://www.schneider-electric.com/ww/en/download/"
            }
          ],
          "source": {
            "advisory": "ICSA-14-273-01",
            "discovery": "EXTERNAL"
          },
          "title": "Schneider Electric",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSearch downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\u003c/p\u003e\n\u003cp\u003eSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\u003c/li\u003e\n\u003cli\u003eDisable Port 80 (HTTP) on modules where it is possible.\u003c/li\u003e\n\u003cli\u003eBlock Port 80 in firewalls to these devices, except for trusted devices.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease contact Schneider Electric Customer Care Center for more information.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Search downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\n\n\nSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\n\n\n\n  *  Use a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\n\n  *  Disable Port 80 (HTTP) on modules where it is possible.\n\n  *  Block Port 80 in firewalls to these devices, except for trusted devices.\n\n\n\n\nPlease contact Schneider Electric Customer Care Center for more information."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-0754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70193",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70193"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
                },
                {
                  "name": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-0754",
        "datePublished": "2014-10-03T18:00:00.000Z",
        "dateReserved": "2014-01-02T00:00:00.000Z",
        "dateUpdated": "2025-08-25T23:45:03.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }