cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11425,https://securityvulnerability.io/vulnerability/CVE-2024-11425,Incorrect Buffer Size Calculation in Schneider Electric's Webserver Product,"A vulnerability exists in Schneider Electric's webserver that allows an unauthenticated user to send a specially crafted HTTPS packet, which can lead to a Denial-of-Service condition. This issue highlights improper buffer size calculations, enabling attackers to exploit the webserver, potentially rendering it inoperable. It is crucial for users to evaluate their systems and apply appropriate mitigations to safeguard against such vulnerabilities.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, Excluding M580 Cpu Safety),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Bmenor2200h,Evlink Pro Ac",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-17T09:00:32.335Z,0
CVE-2023-6408,https://securityvulnerability.io/vulnerability/CVE-2023-6408,Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability,"A vulnerability exists in Schneider Electric's communication systems which allows for improper enforcement of message integrity during transmission, potentially enabling attackers to execute Man-in-the-Middle attacks. This flaw raises serious concerns for the confidentiality and integrity of data as unauthorized entities might intercept and manipulate communications. If exploited, this vulnerability can result in significant disruptions and a dangerous compromise of sensitive information within the affected systems.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, Excluding M580 Cpu Safety),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Ecostruxure Control Expert,Ecostruxure Process Expert",8.1,HIGH,0.0016599999507889152,false,,false,false,false,,,false,false,,2024-02-14T16:52:24.805Z,0
CVE-2023-25620,https://securityvulnerability.io/vulnerability/CVE-2023-25620,Improper Condition Check Vulnerability in Schneider Electric Controllers,"A security vulnerability exists in Schneider Electric Controllers that may lead to a denial of service if a malicious project file is uploaded by an authenticated user. This improper handling of unusual conditions, classified under CWE-754, exposes the controller to potential disruptions in operation. Users must ensure their systems are updated and secure against such vulnerabilities to maintain operational integrity and safety.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-04-19T09:15:00.000Z,0
CVE-2023-25619,https://securityvulnerability.io/vulnerability/CVE-2023-25619,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists in Schneider Electric's Modicon controllers, where improper checks for unusual or exceptional conditions can lead to a denial of service when devices communicate using the Modbus TCP protocol. This could disrupt operations and requires immediate attention for proper remediation to ensure the integrity and availability of the affected controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-04-19T08:15:00.000Z,0
CVE-2021-22786,https://securityvulnerability.io/vulnerability/CVE-2021-22786,Information Exposure Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers that allows for sensitive information stored in memory to be accessed during communication via the Modbus TCP protocol. This information exposure could potentially compromise confidential data, making it imperative for users to ensure their systems are updated to mitigate such risks. Preventative measures should be taken to secure network communications and maintain confidentiality of data processed by these controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Mc80 (bmkc80),Modicon Momentum Cpu (171cbu*),Legacy Modicon Quantum",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-02-01T00:00:00.000Z,0
CVE-2022-45789,https://securityvulnerability.io/vulnerability/CVE-2022-45789,Authentication Bypass Vulnerability in EcoStruxure Controllers by Schneider Electric,"An authentication bypass vulnerability allows unauthorized execution of Modbus functions on Schneider Electric controllers. By hijacking an authenticated Modbus session, attackers can exploit this flaw, enabling them to execute unauthorized commands across various EcoStruxure products, including EcoStruxure Control Expert and EcoStruxure Process Expert, as well as Modicon CPUs. This poses significant risks to industrial control systems and requires immediate attention to secure affected systems.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s)",8.1,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2023-01-31T00:00:00.000Z,0
CVE-2022-45788,https://securityvulnerability.io/vulnerability/CVE-2022-45788,Improper Condition Check in EcoStruxure Control Expert and Modicon Products,"A vulnerability exists within Schneider Electric's EcoStruxure Control Expert and various Modicon products due to improper checks for unusual or exceptional conditions. When a malicious project file is loaded onto the controller, it can lead to extensive security risks, including arbitrary code execution, potential denial of service, and a compromise of confidentiality and integrity. The scope of this vulnerability spans multiple versions of several products, indicating a widespread potential impact across Schneider Electric's portfolio.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*) And Premium Cpus (tsxp57*)",7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0