cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12142,https://securityvulnerability.io/vulnerability/CVE-2024-12142,Sensitive Information Exposure in Schneider Electric Web Products,"A vulnerability exists within Schneider Electric’s web products that allows unauthorized users to access sensitive information. This exposure could lead to information disclosure of restricted web pages, and potentially allow modifications to such pages. In certain scenarios, the vulnerability may also result in denial of service if restricted functions are improperly invoked. It is crucial for organizations using Schneider Electric's web products to assess their security measures and address any potential risks associated with this vulnerability.",Schneider Electric,"Modicon M340 Processors (part Numbers Bmxp34*),Bmxnoe0100,Bmxnoe0110,Bmxnor0200h",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T10:19:11.768Z,0
CVE-2024-5056,https://securityvulnerability.io/vulnerability/CVE-2024-5056,File Accessibility Issue in Schneider Electric Products,"A vulnerability exists in various Schneider Electric products that allows external parties to access files or directories, potentially hindering users from updating device firmware. This issue arises when specific files or directories are removed from the filesystem, leading to problematic webserver behavior and user experience. Addressing this vulnerability is crucial for maintaining the integrity and functionality of the affected systems.",Schneider Electric,Modicon M340 Firmware,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-12T12:15:00.000Z,0
CVE-2023-6408,https://securityvulnerability.io/vulnerability/CVE-2023-6408,Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability,"A vulnerability exists in Schneider Electric's communication systems which allows for improper enforcement of message integrity during transmission, potentially enabling attackers to execute Man-in-the-Middle attacks. This flaw raises serious concerns for the confidentiality and integrity of data as unauthorized entities might intercept and manipulate communications. If exploited, this vulnerability can result in significant disruptions and a dangerous compromise of sensitive information within the affected systems.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, Excluding M580 Cpu Safety),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Ecostruxure Control Expert,Ecostruxure Process Expert",8.1,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2024-02-14T16:52:24.805Z,0
CVE-2023-25620,https://securityvulnerability.io/vulnerability/CVE-2023-25620,Improper Condition Check Vulnerability in Schneider Electric Controllers,"A security vulnerability exists in Schneider Electric Controllers that may lead to a denial of service if a malicious project file is uploaded by an authenticated user. This improper handling of unusual conditions, classified under CWE-754, exposes the controller to potential disruptions in operation. Users must ensure their systems are updated and secure against such vulnerabilities to maintain operational integrity and safety.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-04-19T09:15:00.000Z,0
CVE-2023-25619,https://securityvulnerability.io/vulnerability/CVE-2023-25619,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists in Schneider Electric's Modicon controllers, where improper checks for unusual or exceptional conditions can lead to a denial of service when devices communicate using the Modbus TCP protocol. This could disrupt operations and requires immediate attention for proper remediation to ensure the integrity and availability of the affected controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-04-19T08:15:00.000Z,0
CVE-2021-22786,https://securityvulnerability.io/vulnerability/CVE-2021-22786,Information Exposure Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers that allows for sensitive information stored in memory to be accessed during communication via the Modbus TCP protocol. This information exposure could potentially compromise confidential data, making it imperative for users to ensure their systems are updated to mitigate such risks. Preventative measures should be taken to secure network communications and maintain confidentiality of data processed by these controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Mc80 (bmkc80),Modicon Momentum Cpu (171cbu*),Legacy Modicon Quantum",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-02-01T00:00:00.000Z,0
CVE-2022-45789,https://securityvulnerability.io/vulnerability/CVE-2022-45789,Authentication Bypass Vulnerability in EcoStruxure Controllers by Schneider Electric,"An authentication bypass vulnerability allows unauthorized execution of Modbus functions on Schneider Electric controllers. By hijacking an authenticated Modbus session, attackers can exploit this flaw, enabling them to execute unauthorized commands across various EcoStruxure products, including EcoStruxure Control Expert and EcoStruxure Process Expert, as well as Modicon CPUs. This poses significant risks to industrial control systems and requires immediate attention to secure affected systems.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s)",8.1,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2023-01-31T00:00:00.000Z,0
CVE-2022-45788,https://securityvulnerability.io/vulnerability/CVE-2022-45788,Improper Condition Check in EcoStruxure Control Expert and Modicon Products,"A vulnerability exists within Schneider Electric's EcoStruxure Control Expert and various Modicon products due to improper checks for unusual or exceptional conditions. When a malicious project file is loaded onto the controller, it can lead to extensive security risks, including arbitrary code execution, potential denial of service, and a compromise of confidentiality and integrity. The scope of this vulnerability spans multiple versions of several products, indicating a widespread potential impact across Schneider Electric's portfolio.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*) And Premium Cpus (tsxp57*)",7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-37301,https://securityvulnerability.io/vulnerability/CVE-2022-37301,Integer Underflow Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers that allows for an integer underflow, causing a potential denial of service. This issue arises when using the Modbus TCP protocol, leading to memory access violations. As a result, affected controllers may become unresponsive, impacting operational reliability. Users are encouraged to review their systems and implement necessary updates to mitigate this vulnerability.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Legacy Modicon Quantum/premium,Modicon Momentum Mdi (171cbu*),Modicon Mc80 (bmkc80)",7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2022-0222,https://securityvulnerability.io/vulnerability/CVE-2022-0222,Improper Privilege Management in Modicon M340 Ethernet Communication Modules by Schneider Electric,"An improper privilege management vulnerability has been identified in Schneider Electric's Modicon M340 series, which may lead to a denial of service for Ethernet communication. The flaw allows unauthorized users to manipulate SNMP requests, disrupting the communication of the affected controller models. This vulnerability specifically impacts Modicon M340 CPUs and corresponding Ethernet communication modules, making it critical for users to review and patch affected versions.",Schneider Electric,"Modicon M340 CPUs,Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H) BMXNOE0110 (H) BMXNOR0200H RTU",7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2022-37300,https://securityvulnerability.io/vulnerability/CVE-2022-37300,Weak Password Recovery Mechanism in EcoStruxure Control Expert and Modicon CPUs,"A vulnerability exists due to a weak password recovery mechanism that enables unauthorized access with read and write capabilities to the controller through Modbus communication. This can compromise the integrity and security of industrial control systems, affecting products like EcoStruxure Control Expert and various Modicon CPUs, posing significant risks for operational technology environments.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu,Modicon M580 Cpu",9.8,CRITICAL,0.002630000002682209,false,,false,false,false,,,false,false,,2022-09-12T17:40:10.000Z,0
CVE-2021-22788,https://securityvulnerability.io/vulnerability/CVE-2021-22788,Out-of-bounds Write Vulnerability in Schneider Electric Modicon Products,"An out-of-bounds write vulnerability exists in Schneider Electric's Modicon products, which can be exploited by attackers to cause denial of service. By sending specially crafted HTTP requests to the affected devices, attackers may disrupt the normal operation of the web server, potentially leading to significant service downtime. This vulnerability affects various Modicon processors and communication modules, necessitating immediate attention from users to implement corrective measures.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2022-02-11T17:40:33.000Z,0
CVE-2021-22787,https://securityvulnerability.io/vulnerability/CVE-2021-22787,Improper Input Validation Vulnerability in Modicon M340 and Quantum Products by Schneider Electric,"An improper input validation vulnerability in Schneider Electric's Modicon products could lead to a denial of service. This issue arises when an attacker sends a specially crafted HTTP request to the affected device’s web server, exploiting the lack of proper validation mechanisms. This vulnerability affects various models within the Modicon M340 series, Quantum processors, and other communication modules, impacting their operational stability. Users of these devices are advised to implement appropriate security measures and consider upgrading to secure versions.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-02-11T17:40:32.000Z,0
CVE-2021-22785,https://securityvulnerability.io/vulnerability/CVE-2021-22785,Information Exposure Vulnerability in Modicon M340 and Premium Processors by Schneider Electric,"An information exposure vulnerability has been identified in Schneider Electric’s Modicon CPUs, which allows an unauthorized attacker to access sensitive data residing in the web root directory. This exposure can occur when a malicious actor sends a specially crafted HTTP request to the device's web server, enabling them to leak confidential information. Affected devices include various models of Modicon M340, Premium, and Quantum processors, highlighting the significance of timely updates and securing network environments against potential exploits.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2022-02-11T17:40:31.000Z,0
CVE-2020-7534,https://securityvulnerability.io/vulnerability/CVE-2020-7534,Cross-Site Request Forgery Vulnerability in Modicon CPUs by Schneider Electric,"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Schneider Electric's Modicon CPUs, which could potentially allow attackers to execute unauthorized actions and expose sensitive information while a user is logged into the web server. This vulnerability affects various models including Modicon M340, Quantum, and Premium CPUs with integrated Ethernet, as well as specific ethernet modules and communication modules. Proper safeguards should be implemented to mitigate the risks associated with this vulnerability.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (all Versions), Modicon Quantum Cpus With Integrated Ethernet (copro): 140cpu65 (all Versions), Modicon Premium Cpus With Integrated Ethernet (copro): Tsxp57 (all Versions), Modicon M340 Ethernet Modules: (bmxnoc0401, Bmxnoe01, Bmxnor0200h) (all Versions), Modicon Quantum And Premium Factory Cast Communication Modules: (140noe77111, 140noc78*00, Tsxety5103, Tsxety4103)",8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-02-04T22:29:36.000Z,0
CVE-2022-22724,https://securityvulnerability.io/vulnerability/CVE-2022-22724,Uncontrolled Resource Consumption Vulnerability in Modicon M340 CPUs by Schneider Electric,"An uncontrolled resource consumption vulnerability allows an attacker to launch a denial of service (DoS) attack on Modicon M340 CPUs. By sending a large volume of TCP RST or FIN packets to open TCP ports, particularly on ports 80 (HTTP) and 502 (Modbus), an attacker can overwhelm the CPU's resources, potentially disrupting its availability and functionality.",Schneider Electric,Modicon M340 Cpus: Bmxp34 (all Versions),7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2022-02-04T22:29:36.000Z,0
CVE-2021-22792,https://securityvulnerability.io/vulnerability/CVE-2021-22792,NULL Pointer Dereference Vulnerability in Schneider Electric Modicon Series,"A vulnerability exists in various Schneider Electric Modicon PLC controllers and simulators that allows a specially crafted project file to cause a NULL Pointer Dereference. This can lead to a Denial of Service, affecting the operational capabilities of the affected devices. Users are advised to apply the latest security updates to mitigate potential risks. This vulnerability impacts a range of products, including the Modicon M580, M340, MC80, and others.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",7.5,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-09-02T16:53:00.000Z,0
CVE-2021-22791,https://securityvulnerability.io/vulnerability/CVE-2021-22791,Out-of-bounds Write Vulnerability in Modicon PLC Controllers by Schneider Electric,"An out-of-bounds write vulnerability exists in various Modicon PLC controllers and simulators from Schneider Electric, which could be exploited when a specially crafted project file is used to update controller applications. This flaw may enable an attacker to cause a Denial of Service, potentially disrupting PLC operations and affecting system stability. It is critical for users of the affected products to ensure they are applying relevant updates and implementing security best practices to safeguard their systems.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-09-02T16:52:51.000Z,0
CVE-2021-22790,https://securityvulnerability.io/vulnerability/CVE-2021-22790,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists within Schneider Electric's Modicon PLC controllers and simulators that allows for an out-of-bounds read, potentially triggering a Denial of Service condition. This issue can arise when a specially crafted project file is used to update the controller application, impacting various models including Modicon M580, M340, MC80, Momentum Ethernet CPU, as well as simulators associated with their EcoStruxure Control Expert and Process Expert platforms.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-09-02T16:52:39.000Z,0
CVE-2021-22789,https://securityvulnerability.io/vulnerability/CVE-2021-22789,Buffer Overflow Vulnerability in Modicon PLC Controllers by Schneider Electric,"A vulnerability associated with improper memory boundary restrictions exists in various Modicon PLC controllers and simulators developed by Schneider Electric. This flaw can be exploited when a specially crafted project file is used to update the controller application, potentially leading to a Denial of Service condition. The affected products include multiple models of the Modicon PLC series as well as their associated simulators, affecting numerous deployment environments.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-09-02T16:52:25.000Z,0
CVE-2021-22779,https://securityvulnerability.io/vulnerability/CVE-2021-22779,Authentication Bypass Vulnerability in Schneider Electric EcoStruxure Products,"A significant vulnerability exists in various Schneider Electric EcoStruxure products, enabling attackers to exploit an authentication bypass by spoofing the Modbus communication. This flaw allows unauthorized individuals to gain read and write access to controllers, raising critical security concerns for industrial environments. The vulnerability affects multiple product lines, including EcoStruxure Control Expert, Unity Pro, and various Modicon CPUs, emphasizing the need for prompt action to mitigate risks.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Control Expert V15.0 Sp1, Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), Scadapack Remoteconnect For X70 (all Versions), Modicon M580 Cpu (all Versions - Part Numbers Bmep* And Bmeh*), Modicon M340 Cpu (all Versions - Part Numbers Bmxp34*)",9.1,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2021-07-14T14:26:41.000Z,0
CVE-2020-7549,https://securityvulnerability.io/vulnerability/CVE-2020-7549,Improper Check Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in the Web Server of Schneider Electric's Modicon M340, Quantum, and Premium controllers, including associated Communication Modules. This issue arises due to an improper check for unusual conditions, potentially allowing an attacker to send a series of specially crafted requests to the controller over HTTP. As a result, this may lead to a denial of HTTP and FTP services, disrupting normal operations and potentially impacting industrial processes.",Schneider Electric,"Web Server On Modicon M340, Legacy Offers Modicon Quantum And Modicon Premium And Associated Communication Modules (see Security Notification For Affected Versions)",5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2020-12-11T00:52:26.000Z,0
CVE-2020-7543,https://securityvulnerability.io/vulnerability/CVE-2020-7543,Denial of Service Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists within Modicon controllers produced by Schneider Electric that can lead to a denial of service condition. This occurs when a specially crafted Read Physical Memory request is sent over the Modbus protocol to the affected controllers. Such exploitation may disrupt the regular operations of the devices, posing a risk to the stability and security of the control system. It is critical for users of Modicon M580, M340, Quantum, and Premium controllers to update their systems and apply necessary mitigations as per the latest security advisories.",Schneider Electric,"Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see Security Notifications For Affected Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-11T00:52:21.000Z,0
CVE-2020-7542,https://securityvulnerability.io/vulnerability/CVE-2020-7542,Improper Condition Check Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers, including models M580, M340, Quantum, and Premium, due to inadequate checks for exceptional conditions. When an attacker sends a specially crafted Read Physical Memory request over the Modbus protocol, it may lead to a denial of service, disrupting operations and potentially impacting the availability of the affected controllers.",Schneider Electric,"Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see Security Notifications For Affected Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-11T00:52:14.000Z,0
CVE-2020-7541,https://securityvulnerability.io/vulnerability/CVE-2020-7541,Direct Request Vulnerability in Modicon Web Server by Schneider Electric,"A vulnerability in the Web Server of Schneider Electric's Modicon M340, Modicon Quantum, and Modicon Premium products allows unauthorized disclosure of sensitive data. This occurs when a malicious actor sends specially crafted requests to the controller over HTTP. The flaw stems from improper handling of direct requests, potentially exposing critical information if exploited.",Schneider Electric,"Web Server On Modicon M340, Legacy Offers Modicon Quantum And Modicon Premium And Associated Communication Modules (see Security Notification For Affected Versions)",5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-12-11T00:52:09.000Z,0