cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12142,https://securityvulnerability.io/vulnerability/CVE-2024-12142,Sensitive Information Exposure in Schneider Electric Web Products,"A vulnerability exists within Schneider Electric’s web products that allows unauthorized users to access sensitive information. This exposure could lead to information disclosure of restricted web pages, and potentially allow modifications to such pages. In certain scenarios, the vulnerability may also result in denial of service if restricted functions are improperly invoked. It is crucial for organizations using Schneider Electric's web products to assess their security measures and address any potential risks associated with this vulnerability.",Schneider Electric,"Modicon M340 Processors (part Numbers Bmxp34*),Bmxnoe0100,Bmxnoe0110,Bmxnor0200h",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T10:19:11.768Z,0
CVE-2024-12476,https://securityvulnerability.io/vulnerability/CVE-2024-12476,Improper XML External Entity Handling in Schneider Electric's Web Designer Tool,"A vulnerability related to improper handling of XML external entities exists within Schneider Electric's Web Designer configuration tool. This issue arises when a specially crafted XML file is imported, potentially leading to information disclosure. The flaw could compromise workstation integrity and may allow an attacker to execute remote code on affected systems, highlighting the significance of secure XML parsing practices.",Schneider Electric,"Web Designer For Bmxnor0200h,Web Designer For Bmxnoe0110(h),Web Designer For Bmenoc0311(c),Web Designer For Bmenoc0321(c)",8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T09:42:47.616Z,0
CVE-2022-0222,https://securityvulnerability.io/vulnerability/CVE-2022-0222,Improper Privilege Management in Modicon M340 Ethernet Communication Modules by Schneider Electric,"An improper privilege management vulnerability has been identified in Schneider Electric's Modicon M340 series, which may lead to a denial of service for Ethernet communication. The flaw allows unauthorized users to manipulate SNMP requests, disrupting the communication of the affected controller models. This vulnerability specifically impacts Modicon M340 CPUs and corresponding Ethernet communication modules, making it critical for users to review and patch affected versions.",Schneider Electric,"Modicon M340 CPUs,Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H) BMXNOE0110 (H) BMXNOR0200H RTU",7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2021-22788,https://securityvulnerability.io/vulnerability/CVE-2021-22788,Out-of-bounds Write Vulnerability in Schneider Electric Modicon Products,"An out-of-bounds write vulnerability exists in Schneider Electric's Modicon products, which can be exploited by attackers to cause denial of service. By sending specially crafted HTTP requests to the affected devices, attackers may disrupt the normal operation of the web server, potentially leading to significant service downtime. This vulnerability affects various Modicon processors and communication modules, necessitating immediate attention from users to implement corrective measures.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2022-02-11T17:40:33.000Z,0
CVE-2021-22787,https://securityvulnerability.io/vulnerability/CVE-2021-22787,Improper Input Validation Vulnerability in Modicon M340 and Quantum Products by Schneider Electric,"An improper input validation vulnerability in Schneider Electric's Modicon products could lead to a denial of service. This issue arises when an attacker sends a specially crafted HTTP request to the affected device’s web server, exploiting the lack of proper validation mechanisms. This vulnerability affects various models within the Modicon M340 series, Quantum processors, and other communication modules, impacting their operational stability. Users of these devices are advised to implement appropriate security measures and consider upgrading to secure versions.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-02-11T17:40:32.000Z,0
CVE-2021-22785,https://securityvulnerability.io/vulnerability/CVE-2021-22785,Information Exposure Vulnerability in Modicon M340 and Premium Processors by Schneider Electric,"An information exposure vulnerability has been identified in Schneider Electric’s Modicon CPUs, which allows an unauthorized attacker to access sensitive data residing in the web root directory. This exposure can occur when a malicious actor sends a specially crafted HTTP request to the device's web server, enabling them to leak confidential information. Affected devices include various models of Modicon M340, Premium, and Quantum processors, highlighting the significance of timely updates and securing network environments against potential exploits.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2022-02-11T17:40:31.000Z,0
CVE-2020-7534,https://securityvulnerability.io/vulnerability/CVE-2020-7534,Cross-Site Request Forgery Vulnerability in Modicon CPUs by Schneider Electric,"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Schneider Electric's Modicon CPUs, which could potentially allow attackers to execute unauthorized actions and expose sensitive information while a user is logged into the web server. This vulnerability affects various models including Modicon M340, Quantum, and Premium CPUs with integrated Ethernet, as well as specific ethernet modules and communication modules. Proper safeguards should be implemented to mitigate the risks associated with this vulnerability.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (all Versions), Modicon Quantum Cpus With Integrated Ethernet (copro): 140cpu65 (all Versions), Modicon Premium Cpus With Integrated Ethernet (copro): Tsxp57 (all Versions), Modicon M340 Ethernet Modules: (bmxnoc0401, Bmxnoe01, Bmxnor0200h) (all Versions), Modicon Quantum And Premium Factory Cast Communication Modules: (140noe77111, 140noc78*00, Tsxety5103, Tsxety4103)",8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-02-04T22:29:36.000Z,0
CVE-2021-22749,https://securityvulnerability.io/vulnerability/CVE-2021-22749,Information Leakage in Modicon X80 by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon X80 BMXNOR0200H RTU that allows unauthorized actors to gain access to sensitive information regarding the RTU's current configuration, including communication parameters intended for telemetry purposes. This information can be exposed when the web server of the module receives a specially crafted HTTP request, potentially leading to further exploitation.",Schneider Electric,Modicon X80 Bmxnor0200h Rtu Sv1.70 Ir22 And Prior,5.3,MEDIUM,0.0015699999639764428,false,,false,false,false,,,false,false,,2021-06-11T15:40:45.000Z,0
CVE-2020-7536,https://securityvulnerability.io/vulnerability/CVE-2020-7536,Improper Check for Unusual Conditions in Modicon M340 by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon M340 series, specifically impacting certain versions of the Modicon M340 CPUs and Communication Ethernet modules. This flaw arises from an improper check for unusual or exceptional conditions, which may render the device unreachable when network parameters are modified via SNMP. Affected users are advised to consult the vendor's documentation and update to the latest versions to mitigate potential risks.",Schneider Electric,"Modicon M340 Cpus (bmxp34* Versions Prior To V3.30) And Modicon M340 Communication Ethernet Modules (bmxnoe0100 (h) Versions Prior To V3.4,  Bmxnoe0110 (h) Versions Prior To V6.6, And Bmxnor0200h All Versions)",7.5,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2020-12-11T00:46:18.000Z,0
CVE-2019-6810,https://securityvulnerability.io/vulnerability/CVE-2019-6810,Improper Access Control in BMXNOR0200H Ethernet/Serial RTU Module by Schneider Electric,An improper access control vulnerability exists in the BMXNOR0200H Ethernet/Serial RTU module from Schneider Electric. This issue allows unauthorized users to execute commands via the IEC 60870-5-104 protocol. Organizations utilizing this module should assess their systems immediately to mitigate risk and ensure that access control measures are effectively implemented.,Schneider Electric,Bmxnor0200h Ethernet / Serial Rtu Module,8.8,HIGH,0.001290000043809414,false,,false,false,false,,,false,false,,2019-09-17T19:52:38.000Z,0
CVE-2019-6831,https://securityvulnerability.io/vulnerability/CVE-2019-6831,Improper Check for Unusual or Exceptional Conditions in Schneider Electric Ethernet / Serial RTU Module,"A vulnerability in the BMXNOR0200H Ethernet / Serial RTU module, present across all firmware versions, allows for unintended disconnection of active connections. This occurs when the module receives an excessive amount of IEC 60870-5-104 packets on TCP port 2404, highlighting the need for robust network management and security measures. Mitigating this vulnerability is crucial for maintaining reliable communication in industrial applications.",Schneider Electric,Bmxnor0200h Ethernet / Serial Rtu Module,8.6,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2019-09-17T19:22:59.000Z,0
CVE-2015-7937,https://securityvulnerability.io/vulnerability/CVE-2015-7937,,Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data.,Schneider Electric,"Bmxp3420302,Bmxnoe0110h,Bmxpra0100,Bmxnoc0401,Bmxp342020,Bmxnor0200h,Bmxnoe0100,Bmxnor0200,Bmxp3420302h,Bmxp342020h,Bmxnoe0110,Bmxp342030,Bmxnoe0100h",,,0.16304999589920044,false,,false,false,false,,,false,false,,2015-12-21T11:00:00.000Z,0