cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-25620,https://securityvulnerability.io/vulnerability/CVE-2023-25620,Improper Condition Check Vulnerability in Schneider Electric Controllers,"A security vulnerability exists in Schneider Electric Controllers that may lead to a denial of service if a malicious project file is uploaded by an authenticated user. This improper handling of unusual conditions, classified under CWE-754, exposes the controller to potential disruptions in operation. Users must ensure their systems are updated and secure against such vulnerabilities to maintain operational integrity and safety.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-04-19T09:15:00.000Z,0
CVE-2023-25619,https://securityvulnerability.io/vulnerability/CVE-2023-25619,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists in Schneider Electric's Modicon controllers, where improper checks for unusual or exceptional conditions can lead to a denial of service when devices communicate using the Modbus TCP protocol. This could disrupt operations and requires immediate attention for proper remediation to ensure the integrity and availability of the affected controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-04-19T08:15:00.000Z,0
CVE-2021-22786,https://securityvulnerability.io/vulnerability/CVE-2021-22786,Information Exposure Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers that allows for sensitive information stored in memory to be accessed during communication via the Modbus TCP protocol. This information exposure could potentially compromise confidential data, making it imperative for users to ensure their systems are updated to mitigate such risks. Preventative measures should be taken to secure network communications and maintain confidentiality of data processed by these controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Mc80 (bmkc80),Modicon Momentum Cpu (171cbu*),Legacy Modicon Quantum",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-02-01T00:00:00.000Z,0
CVE-2022-45788,https://securityvulnerability.io/vulnerability/CVE-2022-45788,Improper Condition Check in EcoStruxure Control Expert and Modicon Products,"A vulnerability exists within Schneider Electric's EcoStruxure Control Expert and various Modicon products due to improper checks for unusual or exceptional conditions. When a malicious project file is loaded onto the controller, it can lead to extensive security risks, including arbitrary code execution, potential denial of service, and a compromise of confidentiality and integrity. The scope of this vulnerability spans multiple versions of several products, indicating a widespread potential impact across Schneider Electric's portfolio.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*) And Premium Cpus (tsxp57*)",7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2022-37301,https://securityvulnerability.io/vulnerability/CVE-2022-37301,Integer Underflow Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers that allows for an integer underflow, causing a potential denial of service. This issue arises when using the Modbus TCP protocol, leading to memory access violations. As a result, affected controllers may become unresponsive, impacting operational reliability. Users are encouraged to review their systems and implement necessary updates to mitigate this vulnerability.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Legacy Modicon Quantum/premium,Modicon Momentum Mdi (171cbu*),Modicon Mc80 (bmkc80)",7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-11-22T00:00:00.000Z,0
CVE-2021-22792,https://securityvulnerability.io/vulnerability/CVE-2021-22792,NULL Pointer Dereference Vulnerability in Schneider Electric Modicon Series,"A vulnerability exists in various Schneider Electric Modicon PLC controllers and simulators that allows a specially crafted project file to cause a NULL Pointer Dereference. This can lead to a Denial of Service, affecting the operational capabilities of the affected devices. Users are advised to apply the latest security updates to mitigate potential risks. This vulnerability impacts a range of products, including the Modicon M580, M340, MC80, and others.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",7.5,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-09-02T16:53:00.000Z,0
CVE-2021-22791,https://securityvulnerability.io/vulnerability/CVE-2021-22791,Out-of-bounds Write Vulnerability in Modicon PLC Controllers by Schneider Electric,"An out-of-bounds write vulnerability exists in various Modicon PLC controllers and simulators from Schneider Electric, which could be exploited when a specially crafted project file is used to update controller applications. This flaw may enable an attacker to cause a Denial of Service, potentially disrupting PLC operations and affecting system stability. It is critical for users of the affected products to ensure they are applying relevant updates and implementing security best practices to safeguard their systems.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-09-02T16:52:51.000Z,0
CVE-2021-22790,https://securityvulnerability.io/vulnerability/CVE-2021-22790,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists within Schneider Electric's Modicon PLC controllers and simulators that allows for an out-of-bounds read, potentially triggering a Denial of Service condition. This issue can arise when a specially crafted project file is used to update the controller application, impacting various models including Modicon M580, M340, MC80, Momentum Ethernet CPU, as well as simulators associated with their EcoStruxure Control Expert and Process Expert platforms.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-09-02T16:52:39.000Z,0
CVE-2021-22789,https://securityvulnerability.io/vulnerability/CVE-2021-22789,Buffer Overflow Vulnerability in Modicon PLC Controllers by Schneider Electric,"A vulnerability associated with improper memory boundary restrictions exists in various Modicon PLC controllers and simulators developed by Schneider Electric. This flaw can be exploited when a specially crafted project file is used to update the controller application, potentially leading to a Denial of Service condition. The affected products include multiple models of the Modicon PLC series as well as their associated simulators, affecting numerous deployment environments.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-09-02T16:52:25.000Z,0