Vulnerabilites related to schneider-electric - modicon_premium
cve-2018-7843
Vulnerability from cvelistv5
Published
2019-05-22 19:58
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7843", "datePublished": "2019-05-22T19:58:58", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7855
Vulnerability from cvelistv5
Published
2019-05-22 20:03
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767 | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus" } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T17:06:05", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7855", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7855", "datePublished": "2019-05-22T20:03:17", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6809
Vulnerability from cvelistv5
Published
2019-09-17 19:50
Modified
2024-08-04 20:31
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Schneider Electric SE | Modicon M580 |
Version: firmware version prior to V2.90 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "firmware version prior to V2.90" } ] }, { "product": "Modicon M340", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "firmware version prior to V3.10" } ] }, { "product": "Modicon Premium", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "Modicon Quantum", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-17T19:50:29", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580", "version": { "version_data": [ { "version_value": "firmware version prior to V2.90" } ] } }, { "product_name": "Modicon M340", "version": { "version_data": [ { "version_value": "firmware version prior to V3.10" } ] } }, { "product_name": "Modicon Premium", "version": { "version_data": [ { "version_value": "all versions" } ] } }, { "product_name": "Modicon Quantum", "version": { "version_data": [ { "version_value": "all versions" } ] } } ] }, "vendor_name": "Schneider Electric SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-248: Uncaught Exception" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6809", "datePublished": "2019-09-17T19:50:29", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0663
Vulnerability from cvelistv5
Published
2013-04-04 10:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44678/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/ | x_refsource_CONFIRM | |
http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper | x_refsource_CONFIRM | |
http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.456Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44678", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44678/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-01-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-23T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "44678", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44678/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-0663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "44678", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44678/" }, { "name": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/", "refsource": "CONFIRM", "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "name": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper", "refsource": "CONFIRM", "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-0663", "datePublished": "2013-04-04T10:00:00", "dateReserved": "2012-12-19T00:00:00", "dateUpdated": "2024-08-06T14:33:05.456Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6807
Vulnerability from cvelistv5
Published
2019-05-22 20:05
Modified
2024-08-04 20:31
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T17:06:04", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6807", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6807", "datePublished": "2019-05-22T20:05:13", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7844
Vulnerability from cvelistv5
Published
2019-05-22 20:06
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7844", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7844", "datePublished": "2019-05-22T20:06:09", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7847
Vulnerability from cvelistv5
Published
2019-05-22 20:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742 | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7847", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7847", "datePublished": "2019-05-22T20:00:04", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6806
Vulnerability from cvelistv5
Published
2019-05-22 20:04
Modified
2024-08-04 20:31
Severity ?
EPSS score ?
Summary
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T17:06:04", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6806", "datePublished": "2019-05-22T20:04:46", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.311Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6819
Vulnerability from cvelistv5
Published
2019-05-22 19:45
Modified
2024-08-04 20:31
Severity ?
EPSS score ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/109004 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium |
Version: Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/" }, { "name": "109004", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109004" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-03T13:06:07", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/" }, { "name": "109004", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109004" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6819", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon Controllers, Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/" }, { "name": "109004", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109004" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6819", "datePublished": "2019-05-22T19:45:08", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7848
Vulnerability from cvelistv5
Published
2019-05-22 19:59
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus" } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7848", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7848", "datePublished": "2019-05-22T19:59:26", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7856
Vulnerability from cvelistv5
Published
2019-05-22 20:03
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-11T18:06:08", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7856", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7856", "datePublished": "2019-05-22T20:03:45", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7849
Vulnerability from cvelistv5
Published
2019-05-22 19:58
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.761Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7849", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7849", "datePublished": "2019-05-22T19:58:16", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7851
Vulnerability from cvelistv5
Published
2019-05-22 19:56
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx |
Version: Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx" } ] } ], "descriptions": [ { "lang": "en", "value": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Buffer errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-22T19:56:24", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7851", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx", "version": { "version_data": [ { "version_value": "Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119: Buffer errors" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7851", "datePublished": "2019-05-22T19:56:24", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7852
Vulnerability from cvelistv5
Published
2019-05-22 20:01
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7852", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7852", "datePublished": "2019-05-22T20:01:12", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-0664
Vulnerability from cvelistv5
Published
2013-04-04 10:00
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-04-04T10:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "tags": [ "x_refsource_MISC" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-0664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/", "refsource": "CONFIRM", "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "name": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper", "refsource": "CONFIRM", "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-0664", "datePublished": "2013-04-04T10:00:00Z", "dateReserved": "2012-12-19T00:00:00Z", "dateUpdated": "2024-09-16T19:30:03.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7857
Vulnerability from cvelistv5
Published
2019-05-22 20:04
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T17:06:04", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7857", "datePublished": "2019-05-22T20:04:10", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6808
Vulnerability from cvelistv5
Published
2019-05-22 20:05
Modified
2024-08-04 20:31
Severity ?
EPSS score ?
Summary
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T17:06:04", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6808", "datePublished": "2019-05-22T20:05:50", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6828
Vulnerability from cvelistv5
Published
2019-09-17 19:59
Modified
2024-08-04 20:31
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Schneider Electric SE | Modicon M580 |
Version: firmware version prior to V2.90 |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "firmware version prior to V2.90" } ] }, { "product": "Modicon M340", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "firmware version prior to V3.10" } ] }, { "product": "Modicon Premium", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "Modicon Quantum", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-17T19:59:33", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6828", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580", "version": { "version_data": [ { "version_value": "firmware version prior to V2.90" } ] } }, { "product_name": "Modicon M340", "version": { "version_data": [ { "version_value": "firmware version prior to V3.10" } ] } }, { "product_name": "Modicon Premium", "version": { "version_data": [ { "version_value": "all versions" } ] } }, { "product_name": "Modicon Quantum", "version": { "version_data": [ { "version_value": "all versions" } ] } } ] }, "vendor_name": "Schneider Electric SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-248: Uncaught Exception" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6828", "datePublished": "2019-09-17T19:59:33", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7842
Vulnerability from cvelistv5
Published
2019-05-22 19:59
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:04", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7842", "datePublished": "2019-05-22T19:59:46", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7845
Vulnerability from cvelistv5
Published
2019-05-22 20:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:05", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7845", "datePublished": "2019-05-22T20:00:49", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7853
Vulnerability from cvelistv5
Published
2019-05-22 20:02
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus" } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T17:06:04", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7853", "datePublished": "2019-05-22T20:02:11", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6821
Vulnerability from cvelistv5
Published
2019-05-22 19:42
Modified
2024-08-04 20:31
Severity ?
EPSS score ?
Summary
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
References
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 | x_refsource_MISC | |
http://www.securityfocus.com/bid/108366 | vdb-entry, x_refsource_BID | |
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/ | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum |
Version: Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01" }, { "name": "108366", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108366" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum" } ] } ], "descriptions": [ { "lang": "en", "value": "CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-17T19:34:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01" }, { "name": "108366", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108366" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6821", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum", "version": { "version_data": [ { "version_value": "Modicon Controllers, Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-330: Use of Insufficiently Random Values" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01" }, { "name": "108366", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108366" }, { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6821", "datePublished": "2019-05-22T19:42:06", "dateReserved": "2019-01-25T00:00:00", "dateUpdated": "2024-08-04T20:31:04.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7846
Vulnerability from cvelistv5
Published
2019-05-22 19:57
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T16:06:06", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7846", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7846", "datePublished": "2019-05-22T19:57:42", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.620Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7854
Vulnerability from cvelistv5
Published
2019-05-22 20:02
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-10T17:06:04", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7854", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7854", "datePublished": "2019-05-22T20:02:52", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7850
Vulnerability from cvelistv5
Published
2019-05-22 20:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.
References
▼ | URL | Tags |
---|---|---|
https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | x_refsource_MISC | |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
Version: Modicon M580 Modicon M340 Modicon Quantum Modicon Premium |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:37:59.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software." } ], "problemTypes": [ { "descriptions": [ { "description": "Multiple Vulnerabilities", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-11T16:06:04", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7850", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium", "version": { "version_data": [ { "version_value": "Modicon M580 Modicon M340 Modicon Quantum Modicon Premium" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Multiple Vulnerabilities" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/", "refsource": "MISC", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743", "refsource": "MISC", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7850", "datePublished": "2019-05-22T20:00:27", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:47
Severity ?
Summary
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "919AE16A-6F30-408D-8E3B-C2142329395E", "versionEndIncluding": "3.20", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "56FD0A73-4B33-4247-9DD6-3C6C397F76AC", "versionEndIncluding": "3.60", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus." }, { "lang": "es", "value": "Una CWE-284: Vulnerabilidad de Control de Acceso inapropiado en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, podr\u00eda generar una ejecuci\u00f3n remota de c\u00f3digo al sobrescribir en los ajustes de configuraci\u00f3n del controlador sobre el protocolo Modbus." } ], "id": "CVE-2019-6808", "lastModified": "2024-11-21T04:47:12.017", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.697", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B538C424-0F99-4D98-AB1F-CFE9D07DA37B", "versionEndExcluding": "2.50", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8ED6BE5-14D0-4B3C-B00D-5274D9233247", "versionEndExcluding": "3.01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*", "matchCriteriaId": "69222495-4F18-434E-B86C-F63C5A2C1242", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*", "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*", "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:bmx\\/e_cra_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB34942D-0DBD-43CB-847A-C5349EB9A92A", "versionEndExcluding": "2.40", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:bmxcra31200:-:*:*:*:*:*:*:*", "matchCriteriaId": "887930A9-2577-4E69-AB81-0C8582A13F34", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmxcra31210c:-:*:*:*:*:*:*:*", "matchCriteriaId": "46150F0B-D3A6-44C4-94A1-448D1B4294EB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:140cra312xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCE700BF-EEFD-4349-9B33-432281EA23BE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:140cra312xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CC7AABD-9260-4F6C-A6C9-AE738263F90A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability." }, { "lang": "es", "value": "CWE-119: Existe una vulnerabilidad de errores de b\u00fafer en Modicon M580 con firmware anterior a V2.50, Modicon M340 con firmware anterior a V3.01, BMxCRA312xx con firmware anterior a V2.40 y todas las versiones de firmware de Modicon Premium y 140CRA312xxx al enviar un paquete Modbus especialmente creado, que podr\u00eda generar una Denegaci\u00f3n de Servicio al dispositivo que forzar\u00eda un reinicio para restaurar la disponibilidad." } ], "id": "CVE-2018-7851", "lastModified": "2024-11-21T04:12:52.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.853", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-10/" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "cybersecurity@se.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus." }, { "lang": "es", "value": "Una CWE-200: Existe una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podr\u00eda generar la divulgaci\u00f3n de informaci\u00f3n SNMP cuando se leen bloques de memoria desde el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7844", "lastModified": "2024-11-21T04:12:51.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.323", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0739" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus." }, { "lang": "es", "value": "CWE-284: Existe una vulnerabilidad de Control de Acceso inapropiado en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar la Denegaci\u00f3n de Servicio o la potencial ejecuci\u00f3n de c\u00f3digo al sobrescribir en los ajustes de configuraci\u00f3n del controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7847", "lastModified": "2024-11-21T04:12:52.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.697", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742" }, { "source": "cybersecurity@se.com", "tags": [ "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus." }, { "lang": "es", "value": "Una CWE-248: Existe una vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar una Denegaci\u00f3n de Servicio al enviar par\u00e1metros Debug no v\u00e1lidos hacia el controlador mediante Modbus." } ], "id": "CVE-2018-7854", "lastModified": "2024-11-21T04:12:53.053", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.447", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller." }, { "lang": "es", "value": "CWE-290: Existe una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n por suplantaci\u00f3n de identidad en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar una elevaci\u00f3n de privilegios al realizar un ataque de fuerza bruta en los par\u00e1metros de Modbus enviados al controlador." } ], "id": "CVE-2018-7842", "lastModified": "2024-11-21T04:12:51.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.557", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0741" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-290" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-04-04 11:58
Modified
2024-11-21 01:47
Severity ?
Summary
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
schneider-electric | modicon_quantum_plc | 140noe77111 | |
schneider-electric | modicon_quantum_plc | 140nwm10000 | |
schneider-electric | modicon_m340 | bmxnoe0110x | |
schneider-electric | modicon_premium | tsxety5103 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77111:*:*:*:*:*:*:*", "matchCriteriaId": "56FB594F-638A-4E8B-9072-475E64CDE999", "vulnerable": true }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140nwm10000:*:*:*:*:*:*:*", "matchCriteriaId": "AD53FEBF-FF81-4563-B80C-CE67ABDA233B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe0110x:*:*:*:*:*:*:*", "matchCriteriaId": "5E2D7BD5-2273-41E1-A446-4F7729003381", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxety5103:*:*:*:*:*:*:*", "matchCriteriaId": "D7579763-6663-41F7-A162-5FEBA9A9CE70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests." }, { "lang": "es", "value": "El servicio FactoryCast en los m\u00f3dulos Electric Quantum 140NOE77111 y 140NWM10000, M340 BMXNOE0110x, y Premium TSXETY5103 PLC , permite a usuarios autenticados remotamente el env\u00edo de mensajes Modbus, y por consiguiente la ejecuci\u00f3n de c\u00f3digo arbitrario embebiendo estos mensajes en peticiones SOAP HTTP POST." } ], "id": "CVE-2013-0664", "lastModified": "2024-11-21T01:47:58.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-04-04T11:58:49.823", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Vendor Advisory" ], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Vendor Advisory" ], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-04-04 11:58
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
schneider-electric | modicon_quantum_plc | 140noe77101 | |
schneider-electric | modicon_quantum_plc | 140noe77111 | |
schneider-electric | modicon_quantum_plc | 140nwm10000 | |
schneider-electric | modicon_m340 | bmxnoc0401 | |
schneider-electric | modicon_m340 | bmxnoe011xx | |
schneider-electric | modicon_m340 | bmxnoe0100x | |
schneider-electric | modicon_premium | tsxety4103 | |
schneider-electric | modicon_premium | tsxety5103 | |
schneider-electric | modicon_premium | tsxwmy100 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77101:*:*:*:*:*:*:*", "matchCriteriaId": "18705050-B954-4AB9-A8D0-BDCB09A9839A", "vulnerable": true }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77111:*:*:*:*:*:*:*", "matchCriteriaId": "56FB594F-638A-4E8B-9072-475E64CDE999", "vulnerable": true }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140nwm10000:*:*:*:*:*:*:*", "matchCriteriaId": "AD53FEBF-FF81-4563-B80C-CE67ABDA233B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoc0401:*:*:*:*:*:*:*", "matchCriteriaId": "00C02342-50B0-4883-9430-9CAB7968081B", "vulnerable": true }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe011xx:*:*:*:*:*:*:*", "matchCriteriaId": "21E85599-1298-4B8C-8255-42D165F905F4", "vulnerable": true }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe0100x:*:*:*:*:*:*:*", "matchCriteriaId": "1F41B43D-038F-4775-A1BB-486918806E7E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxety4103:*:*:*:*:*:*:*", "matchCriteriaId": "FEEA7CF9-59A9-4B40-9E20-F179D40815C9", "vulnerable": true }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxety5103:*:*:*:*:*:*:*", "matchCriteriaId": "D7579763-6663-41F7-A162-5FEBA9A9CE70", "vulnerable": true }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxwmy100:*:*:*:*:*:*:*", "matchCriteriaId": "42C34DAA-D856-4E59-A98F-2DF47E600612", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials." }, { "lang": "es", "value": "Vulnerabilidad CSRF en los m\u00f3dulos Schneider Electric Quantum 140NOE77111, 140NOE77101, y 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, y BMXNOE011xx; y Premium TSXETY4103, TSXETY5103, y TSXWMY100 PLC, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios para peticiones que ejecutan comandos, como se ha demostrado mediante la modificaci\u00f3n de de peticiones HTTP." } ], "id": "CVE-2013-0663", "lastModified": "2024-11-21T01:47:58.017", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-04-04T11:58:48.687", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Vendor Advisory" ], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Vendor Advisory" ], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "source": "ics-cert@hq.dhs.gov", "url": "https://www.exploit-db.com/exploits/44678/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/44678/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:47
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus." }, { "lang": "es", "value": "Una CWE-248: Vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar una posible Denegaci\u00f3n de Servicio cuando se escriben variables de aplicaci\u00f3n sensibles hacia el controlador sobre el protocolo Modbus." } ], "id": "CVE-2019-6807", "lastModified": "2024-11-21T04:47:11.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.667", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus." }, { "lang": "es", "value": "CWE-248: Existe una vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar una posible Denegaci\u00f3n de Servicio debido a una comprobaci\u00f3n de integridad de datos inapropiada cuando se env\u00edan archivos hacia el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7849", "lastModified": "2024-11-21T04:12:52.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.777", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0737" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-17 20:15
Modified
2024-11-21 04:47
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller." }, { "lang": "es", "value": "Una CWE-248: Se presenta una vulnerabilidad de Excepci\u00f3n No Capturada en Modicon M580 (versiones de firmware anteriores a V2.90), Modicon M340 (versiones de firmware anteriores a V3.10), Modicon Premium (todas las versiones), Modicon Quantum (todas las versiones), que podr\u00eda causar una posible denegaci\u00f3n de servicio durante la lectura de datos no v\u00e1lidos desde el controlador." } ], "id": "CVE-2019-6809", "lastModified": "2024-11-21T04:47:12.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-17T20:15:11.780", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-248" } ], "source": "cybersecurity@se.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus." }, { "lang": "es", "value": "CWE-248: Existe una vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podr\u00eda generar una Denegaci\u00f3n de Servicio cuando se lee bloques de memoria con un tama\u00f1o de datos no v\u00e1lido o con un desplazamiento de datos no v\u00e1lido en el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7843", "lastModified": "2024-11-21T04:12:51.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.590", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0738" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "14A20823-667A-423E-BB4B-2530B3EF1AF7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B52EEB1-70EF-4D6E-82A7-73576462F7FB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus." }, { "lang": "es", "value": "Una CWE-248: Existe una vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar una posible Denegaci\u00f3n de Servicio cuando se escriben bloques de memoria no v\u00e1lidos hacia el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7856", "lastModified": "2024-11-21T04:12:53.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.527", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus" }, { "lang": "es", "value": "CWE-200: Existe una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar la divulgaci\u00f3n de informaci\u00f3n SNMP cuando se leen archivos desde el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7848", "lastModified": "2024-11-21T04:12:52.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.747", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0740" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller." }, { "lang": "es", "value": "CWE-501: Existe una vulnerabilidad de violaci\u00f3n de l\u00edmite de confianza en la conexi\u00f3n al controlador, en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podr\u00eda generar un acceso no autorizado al realizar un ataque de fuerza bruta sobre el protocolo Modbus hacia el controlador." } ], "id": "CVE-2018-7846", "lastModified": "2024-11-21T04:12:52.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.667", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0735" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus." }, { "lang": "es", "value": "CWE-125: Existe una vulnerabilidad de lectura fuera de l\u00edmites en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podr\u00eda provocar la divulgaci\u00f3n de datos inesperados del controlador cuando se lee bloques de memoria espec\u00edficos en el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7845", "lastModified": "2024-11-21T04:12:52.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.620", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0745" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus." }, { "lang": "es", "value": "CWE-248: Existe una vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, lo que podr\u00eda provocar una Denegaci\u00f3n de Servicio cuando se env\u00eda un par\u00e1metro de comando privado no v\u00e1lido hacia el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7852", "lastModified": "2024-11-21T04:12:52.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.900", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0763" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-17 20:15
Modified
2024-11-21 04:47
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus." }, { "lang": "es", "value": "Una CWE-248: Se presenta una vulnerabilidad de Excepci\u00f3n No Capturada en Modicon M580 (versi\u00f3n de firmware anterior a V2.90), Modicon M340 (versi\u00f3n de firmware anterior a V3.10), Modicon Premium (todas las versiones) y Modicon Quantum (todas las versiones), lo que podr\u00eda causar una posible denegaci\u00f3n de servicio durante la lectura de bobinas y registros espec\u00edficos en el controlador sobre protocolo Modbus." } ], "id": "CVE-2019-6828", "lastModified": "2024-11-21T04:47:14.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-17T20:15:12.140", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-248" } ], "source": "cybersecurity@se.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "14A20823-667A-423E-BB4B-2530B3EF1AF7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B52EEB1-70EF-4D6E-82A7-73576462F7FB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus" }, { "lang": "es", "value": "Una CWE-248: Existe una vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar una Denegaci\u00f3n de Servicio cuando se leen bloques de memoria f\u00edsica no v\u00e1lidos en el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7853", "lastModified": "2024-11-21T04:12:52.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.370", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAB33433-AFFA-4224-86E0-BB24D8CF5641", "versionEndExcluding": "3.20", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A2FBAA3-A4E5-405E-A786-20C3D8C75B25", "versionEndExcluding": "3.60", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "606AFE88-8C9A-4D18-9209-1193B628669F", "versionEndExcluding": "3.01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FDEB227-D50B-402C-9C11-E29F52BC10BB", "versionEndExcluding": "2.80", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus." }, { "lang": "es", "value": "CWE-248: Existe una vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar una posible Denegaci\u00f3n de Servicio cuando se escriben variables fuera de l\u00edmites hacia el controlador sobre protocolo Modbus." } ], "id": "CVE-2018-7857", "lastModified": "2024-11-21T04:12:53.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.573", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:47
Severity ?
Summary
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "14A20823-667A-423E-BB4B-2530B3EF1AF7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B52EEB1-70EF-4D6E-82A7-73576462F7FB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus." }, { "lang": "es", "value": "Una CWE-200: Existe una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar la divulgaci\u00f3n de informaci\u00f3n SNMP cuando se leen variables en el controlador usando protocolo Modbus." } ], "id": "CVE-2019-6806", "lastModified": "2024-11-21T04:47:11.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.603", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 21:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766 | Exploit, Third Party Advisory | |
cybersecurity@se.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/ | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767 | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "14A20823-667A-423E-BB4B-2530B3EF1AF7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B52EEB1-70EF-4D6E-82A7-73576462F7FB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FD2397C-67A1-4AFD-BC42-6ECC3BD88C24", "versionEndExcluding": "3.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9C5B0D1-D3A4-468A-807E-6BB3F98CC116", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus" }, { "lang": "es", "value": "Una CWE-248: Existe una vulnerabilidad de Excepci\u00f3n no Detectada en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar una Denegaci\u00f3n de Servicio al enviar par\u00e1metros Breakpoint no v\u00e1lidos hacia el controlador sobre el protocolo Modbus." } ], "id": "CVE-2018-7855", "lastModified": "2024-11-21T04:12:53.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T21:29:00.493", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766" }, { "source": "cybersecurity@se.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:47
Severity ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "606AFE88-8C9A-4D18-9209-1193B628669F", "versionEndExcluding": "3.01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000h:-:*:*:*:*:*:*:*", "matchCriteriaId": "69222495-4F18-434E-B86C-F63C5A2C1242", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*", "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*", "matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FDEB227-D50B-402C-9C11-E29F52BC10BB", "versionEndExcluding": "2.80", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:bmeh582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E6E5E62-BBA8-4370-A232-8E1196757C3E", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh582040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C393EAE-D2A1-42BC-8CE8-2DCAC96EB769", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2A8BF9D-AFD1-4F19-A0DB-5EB6F343D890", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh584040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "63D48211-A734-4F98-A4D5-569268335757", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "38D22DD5-677B-42E8-AE1F-11601D4BF110", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:bmeh586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "79907FE7-B4B0-4732-9287-B7ED13115F6C", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7", "vulnerable": false }, { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium." }, { "lang": "es", "value": "Una CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada para condiciones inusuales o excepcionales, que podr\u00eda generar una posible Denegaci\u00f3n de Servicio cuando se env\u00edan tramas Modbus espec\u00edficas hacia el controlador en los productos: Modicon M340 - versiones de firmware anteriores a la V3.01, Modicon M580 - versiones de firmware anteriores a V2.80, y todas las versiones de firmware de Modicon Quantum y Modicon Premium." } ], "id": "CVE-2019-6819", "lastModified": "2024-11-21T04:47:12.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:02.090", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/109004" }, { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/109004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-05/" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "cybersecurity@se.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-754" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:47
Severity ?
Summary
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
References
▼ | URL | Tags | |
---|---|---|---|
cybersecurity@se.com | http://www.securityfocus.com/bid/108366 | Third Party Advisory, VDB Entry | |
cybersecurity@se.com | https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 | Third Party Advisory, US Government Resource | |
cybersecurity@se.com | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108366 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/ | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C29962C-3387-47C9-AA01-76AF84E4D4A0", "versionEndExcluding": "2.30", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum." }, { "lang": "es", "value": "Una CWE-330: Una vulnerabilidad de Uso Insuficientes de valores aleatorios, podr\u00eda generar el secuestro de la conexi\u00f3n TCP cuando se utiliza el protocolo de comunicaci\u00f3n Ethernet en Modicon M580 versiones de firmware anteriores a V2.30, y todas las versiones de firmware de Modicon M340, Modicon Premium, Modicon Quantum." } ], "id": "CVE-2019-6821", "lastModified": "2024-11-21T04:47:13.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:02.183", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108366" }, { "source": "cybersecurity@se.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01" }, { "source": "cybersecurity@se.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/108366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03/" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "cybersecurity@se.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-05-22 20:29
Modified
2024-11-21 04:12
Severity ?
Summary
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D52D735D-8AB5-40FE-A83F-266977601571", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m580:-:*:*:*:*:*:*:*", "matchCriteriaId": "E876C738-ABF6-4864-98A6-1E06E96A0DF4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_m340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05CBA9AD-ECB7-453F-8551-DD176FDE8043", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_m340:-:*:*:*:*:*:*:*", "matchCriteriaId": "138681A2-0146-492B-8E10-06849FC27C6E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_quantum_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745CC7A7-70FB-4551-8EBF-600B7A6236D7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_quantum:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9B7CEF7-B9BA-4923-808F-DA2931569EBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:schneider-electric:modicon_premium_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "619CFD8D-9652-4AAB-AFC4-796B3F10F61F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:schneider-electric:modicon_premium:-:*:*:*:*:*:*:*", "matchCriteriaId": "F00936E2-E6EF-4ABF-8666-7D83BE424F42", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software." }, { "lang": "es", "value": "CWE-807: Existe una vulnerabilidad por confianza en entradas dudosas en una decisi\u00f3n de seguridad en todas las versiones de Modicon M580, Modicon M340, Modicon Quantum y Modicon Premium, que podr\u00eda generar que informaci\u00f3n no v\u00e1lida sea mostrada en el Unity Pro software" } ], "id": "CVE-2018-7850", "lastModified": "2024-11-21T04:12:52.597", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-05-22T20:29:01.823", "references": [ { "source": "cybersecurity@se.com", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "cybersecurity@se.com", "tags": [ "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0743" } ], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }