cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-6408,https://securityvulnerability.io/vulnerability/CVE-2023-6408,Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability,"A vulnerability exists in Schneider Electric's communication systems which allows for improper enforcement of message integrity during transmission, potentially enabling attackers to execute Man-in-the-Middle attacks. This flaw raises serious concerns for the confidentiality and integrity of data as unauthorized entities might intercept and manipulate communications. If exploited, this vulnerability can result in significant disruptions and a dangerous compromise of sensitive information within the affected systems.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, Excluding M580 Cpu Safety),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Ecostruxure Control Expert,Ecostruxure Process Expert",8.1,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2024-02-14T16:52:24.805Z,0
CVE-2023-25620,https://securityvulnerability.io/vulnerability/CVE-2023-25620,Improper Condition Check Vulnerability in Schneider Electric Controllers,"A security vulnerability exists in Schneider Electric Controllers that may lead to a denial of service if a malicious project file is uploaded by an authenticated user. This improper handling of unusual conditions, classified under CWE-754, exposes the controller to potential disruptions in operation. Users must ensure their systems are updated and secure against such vulnerabilities to maintain operational integrity and safety.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-04-19T09:15:00.000Z,0
CVE-2023-25619,https://securityvulnerability.io/vulnerability/CVE-2023-25619,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists in Schneider Electric's Modicon controllers, where improper checks for unusual or exceptional conditions can lead to a denial of service when devices communicate using the Modbus TCP protocol. This could disrupt operations and requires immediate attention for proper remediation to ensure the integrity and availability of the affected controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-04-19T08:15:00.000Z,0
CVE-2021-22786,https://securityvulnerability.io/vulnerability/CVE-2021-22786,Information Exposure Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers that allows for sensitive information stored in memory to be accessed during communication via the Modbus TCP protocol. This information exposure could potentially compromise confidential data, making it imperative for users to ensure their systems are updated to mitigate such risks. Preventative measures should be taken to secure network communications and maintain confidentiality of data processed by these controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Mc80 (bmkc80),Modicon Momentum Cpu (171cbu*),Legacy Modicon Quantum",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-02-01T00:00:00.000Z,0
CVE-2022-45789,https://securityvulnerability.io/vulnerability/CVE-2022-45789,Authentication Bypass Vulnerability in EcoStruxure Controllers by Schneider Electric,"An authentication bypass vulnerability allows unauthorized execution of Modbus functions on Schneider Electric controllers. By hijacking an authenticated Modbus session, attackers can exploit this flaw, enabling them to execute unauthorized commands across various EcoStruxure products, including EcoStruxure Control Expert and EcoStruxure Process Expert, as well as Modicon CPUs. This poses significant risks to industrial control systems and requires immediate attention to secure affected systems.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s)",8.1,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2023-01-31T00:00:00.000Z,0
CVE-2022-45788,https://securityvulnerability.io/vulnerability/CVE-2022-45788,Improper Condition Check in EcoStruxure Control Expert and Modicon Products,"A vulnerability exists within Schneider Electric's EcoStruxure Control Expert and various Modicon products due to improper checks for unusual or exceptional conditions. When a malicious project file is loaded onto the controller, it can lead to extensive security risks, including arbitrary code execution, potential denial of service, and a compromise of confidentiality and integrity. The scope of this vulnerability spans multiple versions of several products, indicating a widespread potential impact across Schneider Electric's portfolio.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*) And Premium Cpus (tsxp57*)",7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-37301,https://securityvulnerability.io/vulnerability/CVE-2022-37301,Integer Underflow Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers that allows for an integer underflow, causing a potential denial of service. This issue arises when using the Modbus TCP protocol, leading to memory access violations. As a result, affected controllers may become unresponsive, impacting operational reliability. Users are encouraged to review their systems and implement necessary updates to mitigate this vulnerability.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Legacy Modicon Quantum/premium,Modicon Momentum Mdi (171cbu*),Modicon Mc80 (bmkc80)",7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2021-22792,https://securityvulnerability.io/vulnerability/CVE-2021-22792,NULL Pointer Dereference Vulnerability in Schneider Electric Modicon Series,"A vulnerability exists in various Schneider Electric Modicon PLC controllers and simulators that allows a specially crafted project file to cause a NULL Pointer Dereference. This can lead to a Denial of Service, affecting the operational capabilities of the affected devices. Users are advised to apply the latest security updates to mitigate potential risks. This vulnerability impacts a range of products, including the Modicon M580, M340, MC80, and others.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxure™ Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxure™ Control Expert, All Versions), Plc Simulator For Ecostruxure™ Process Expert Including All Hdcs Versions (former Name Of Ecostruxure™ Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",7.5,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-09-02T16:53:00.000Z,0
CVE-2021-22791,https://securityvulnerability.io/vulnerability/CVE-2021-22791,Out-of-bounds Write Vulnerability in Modicon PLC Controllers by Schneider Electric,"An out-of-bounds write vulnerability exists in various Modicon PLC controllers and simulators from Schneider Electric, which could be exploited when a specially crafted project file is used to update controller applications. This flaw may enable an attacker to cause a Denial of Service, potentially disrupting PLC operations and affecting system stability. It is critical for users of the affected products to ensure they are applying relevant updates and implementing security best practices to safeguard their systems.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxure™ Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxure™ Control Expert, All Versions), Plc Simulator For Ecostruxure™ Process Expert Including All Hdcs Versions (former Name Of Ecostruxure™ Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-09-02T16:52:51.000Z,0
CVE-2021-22790,https://securityvulnerability.io/vulnerability/CVE-2021-22790,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists within Schneider Electric's Modicon PLC controllers and simulators that allows for an out-of-bounds read, potentially triggering a Denial of Service condition. This issue can arise when a specially crafted project file is used to update the controller application, impacting various models including Modicon M580, M340, MC80, Momentum Ethernet CPU, as well as simulators associated with their EcoStruxure Control Expert and Process Expert platforms.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxure™ Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxure™ Control Expert, All Versions), Plc Simulator For Ecostruxure™ Process Expert Including All Hdcs Versions (former Name Of Ecostruxure™ Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-09-02T16:52:39.000Z,0
CVE-2021-22789,https://securityvulnerability.io/vulnerability/CVE-2021-22789,Buffer Overflow Vulnerability in Modicon PLC Controllers by Schneider Electric,"A vulnerability associated with improper memory boundary restrictions exists in various Modicon PLC controllers and simulators developed by Schneider Electric. This flaw can be exploited when a specially crafted project file is used to update the controller application, potentially leading to a Denial of Service condition. The affected products include multiple models of the Modicon PLC series as well as their associated simulators, affecting numerous deployment environments.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxure™ Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxure™ Control Expert, All Versions), Plc Simulator For Ecostruxure™ Process Expert Including All Hdcs Versions (former Name Of Ecostruxure™ Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-09-02T16:52:25.000Z,0
CVE-2021-22779,https://securityvulnerability.io/vulnerability/CVE-2021-22779,Authentication Bypass Vulnerability in Schneider Electric EcoStruxure Products,"A significant vulnerability exists in various Schneider Electric EcoStruxure products, enabling attackers to exploit an authentication bypass by spoofing the Modbus communication. This flaw allows unauthorized individuals to gain read and write access to controllers, raising critical security concerns for industrial environments. The vulnerability affects multiple product lines, including EcoStruxure Control Expert, Unity Pro, and various Modicon CPUs, emphasizing the need for prompt action to mitigate risks.",Schneider Electric,"Ecostruxure Control Expert (all Versions Prior To V15.0 Sp1, Including All Versions Of Unity Pro), Ecostruxure Control Expert V15.0 Sp1, Ecostruxure Process Expert (all Versions, Including All Versions Of Ecostruxure Hybrid Dcs), Scadapack Remoteconnect For X70 (all Versions), Modicon M580 Cpu (all Versions - Part Numbers Bmep* And Bmeh*), Modicon M340 Cpu (all Versions - Part Numbers Bmxp34*)",9.1,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2021-07-14T14:26:41.000Z,0