cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-25620,https://securityvulnerability.io/vulnerability/CVE-2023-25620,Improper Condition Check Vulnerability in Schneider Electric Controllers,"A security vulnerability exists in Schneider Electric Controllers that may lead to a denial of service if a malicious project file is uploaded by an authenticated user. This improper handling of unusual conditions, classified under CWE-754, exposes the controller to potential disruptions in operation. Users must ensure their systems are updated and secure against such vulnerabilities to maintain operational integrity and safety.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",6.5,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-04-19T09:15:00.000Z,0
CVE-2023-25619,https://securityvulnerability.io/vulnerability/CVE-2023-25619,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists in Schneider Electric's Modicon controllers, where improper checks for unusual or exceptional conditions can lead to a denial of service when devices communicate using the Modbus TCP protocol. This could disrupt operations and requires immediate attention for proper remediation to ensure the integrity and availability of the affected controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*),Legacy Modicon Premium Cpus (tsxp57*)",7.5,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-04-19T08:15:00.000Z,0
CVE-2021-22786,https://securityvulnerability.io/vulnerability/CVE-2021-22786,Information Exposure Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers that allows for sensitive information stored in memory to be accessed during communication via the Modbus TCP protocol. This information exposure could potentially compromise confidential data, making it imperative for users to ensure their systems are updated to mitigate such risks. Preventative measures should be taken to secure network communications and maintain confidentiality of data processed by these controllers.",Schneider Electric,"Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Mc80 (bmkc80),Modicon Momentum Cpu (171cbu*),Legacy Modicon Quantum",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2023-02-01T00:00:00.000Z,0
CVE-2022-45788,https://securityvulnerability.io/vulnerability/CVE-2022-45788,Improper Condition Check in EcoStruxure Control Expert and Modicon Products,"A vulnerability exists within Schneider Electric's EcoStruxure Control Expert and various Modicon products due to improper checks for unusual or exceptional conditions. When a malicious project file is loaded onto the controller, it can lead to extensive security risks, including arbitrary code execution, potential denial of service, and a compromise of confidentiality and integrity. The scope of this vulnerability spans multiple versions of several products, indicating a widespread potential impact across Schneider Electric's portfolio.",Schneider Electric,"Ecostruxure Control Expert,Ecostruxure Process Expert,Modicon M340 Cpu (part Numbers Bmxp34*),Modicon M580 Cpu (part Numbers Bmep* And Bmeh*),Modicon M580 Cpu Safety (part Numbers Bmep58*s And Bmeh58*s),Modicon Momentum Unity M1e Processor (171cbu*),Modicon Mc80 (bmkc80),Legacy Modicon Quantum (140cpu65*) And Premium Cpus (tsxp57*)",7.5,HIGH,0.0018400000408291817,false,,false,false,false,,,false,false,,2023-01-30T00:00:00.000Z,0
CVE-2021-22788,https://securityvulnerability.io/vulnerability/CVE-2021-22788,Out-of-bounds Write Vulnerability in Schneider Electric Modicon Products,"An out-of-bounds write vulnerability exists in Schneider Electric's Modicon products, which can be exploited by attackers to cause denial of service. By sending specially crafted HTTP requests to the affected devices, attackers may disrupt the normal operation of the web server, potentially leading to significant service downtime. This vulnerability affects various Modicon processors and communication modules, necessitating immediate attention from users to implement corrective measures.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2022-02-11T17:40:33.000Z,0
CVE-2021-22787,https://securityvulnerability.io/vulnerability/CVE-2021-22787,Improper Input Validation Vulnerability in Modicon M340 and Quantum Products by Schneider Electric,"An improper input validation vulnerability in Schneider Electric's Modicon products could lead to a denial of service. This issue arises when an attacker sends a specially crafted HTTP request to the affected device’s web server, exploiting the lack of proper validation mechanisms. This vulnerability affects various models within the Modicon M340 series, Quantum processors, and other communication modules, impacting their operational stability. Users of these devices are advised to implement appropriate security measures and consider upgrading to secure versions.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-02-11T17:40:32.000Z,0
CVE-2021-22785,https://securityvulnerability.io/vulnerability/CVE-2021-22785,Information Exposure Vulnerability in Modicon M340 and Premium Processors by Schneider Electric,"An information exposure vulnerability has been identified in Schneider Electric’s Modicon CPUs, which allows an unauthorized attacker to access sensitive data residing in the web root directory. This exposure can occur when a malicious actor sends a specially crafted HTTP request to the device's web server, enabling them to leak confidential information. Affected devices include various models of Modicon M340, Premium, and Quantum processors, highlighting the significance of timely updates and securing network environments against potential exploits.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (versions Prior To V3.40), Modicon M340 X80 Ethernet Communication Modules: Bmxnoe0100 (h), Bmxnoe0110 (h), Bmxnoc0401, Bmxnor0200h Rtu (all Versions), Modicon Premium Processors With Integrated Ethernet (copro): Tsxp574634, Tsxp575634, Tsxp576634 (all Versions), Modicon Quantum Processors With Integrated Ethernet (copro): 140cpu65xxxxx (all Versions), Modicon Quantum Communication Modules: 140noe771x1, 140noc78x00, 140noc77101 (all Versions), Modicon Premium Communication Modules: Tsxety4103, Tsxety5103 (all Versions)",7.5,HIGH,0.002199999988079071,false,,false,false,false,,,false,false,,2022-02-11T17:40:31.000Z,0
CVE-2020-7534,https://securityvulnerability.io/vulnerability/CVE-2020-7534,Cross-Site Request Forgery Vulnerability in Modicon CPUs by Schneider Electric,"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Schneider Electric's Modicon CPUs, which could potentially allow attackers to execute unauthorized actions and expose sensitive information while a user is logged into the web server. This vulnerability affects various models including Modicon M340, Quantum, and Premium CPUs with integrated Ethernet, as well as specific ethernet modules and communication modules. Proper safeguards should be implemented to mitigate the risks associated with this vulnerability.",Schneider Electric,"Modicon M340 Cpus: Bmxp34 (all Versions), Modicon Quantum Cpus With Integrated Ethernet (copro): 140cpu65 (all Versions), Modicon Premium Cpus With Integrated Ethernet (copro): Tsxp57 (all Versions), Modicon M340 Ethernet Modules: (bmxnoc0401, Bmxnoe01, Bmxnor0200h) (all Versions), Modicon Quantum And Premium Factory Cast Communication Modules: (140noe77111, 140noc78*00, Tsxety5103, Tsxety4103)",8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-02-04T22:29:36.000Z,0
CVE-2021-22792,https://securityvulnerability.io/vulnerability/CVE-2021-22792,NULL Pointer Dereference Vulnerability in Schneider Electric Modicon Series,"A vulnerability exists in various Schneider Electric Modicon PLC controllers and simulators that allows a specially crafted project file to cause a NULL Pointer Dereference. This can lead to a Denial of Service, affecting the operational capabilities of the affected devices. Users are advised to apply the latest security updates to mitigate potential risks. This vulnerability impacts a range of products, including the Modicon M580, M340, MC80, and others.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",7.5,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-09-02T16:53:00.000Z,0
CVE-2021-22791,https://securityvulnerability.io/vulnerability/CVE-2021-22791,Out-of-bounds Write Vulnerability in Modicon PLC Controllers by Schneider Electric,"An out-of-bounds write vulnerability exists in various Modicon PLC controllers and simulators from Schneider Electric, which could be exploited when a specially crafted project file is used to update controller applications. This flaw may enable an attacker to cause a Denial of Service, potentially disrupting PLC operations and affecting system stability. It is critical for users of the affected products to ensure they are applying relevant updates and implementing security best practices to safeguard their systems.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-09-02T16:52:51.000Z,0
CVE-2021-22790,https://securityvulnerability.io/vulnerability/CVE-2021-22790,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists within Schneider Electric's Modicon PLC controllers and simulators that allows for an out-of-bounds read, potentially triggering a Denial of Service condition. This issue can arise when a specially crafted project file is used to update the controller application, impacting various models including Modicon M580, M340, MC80, Momentum Ethernet CPU, as well as simulators associated with their EcoStruxure Control Expert and Process Expert platforms.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-09-02T16:52:39.000Z,0
CVE-2021-22789,https://securityvulnerability.io/vulnerability/CVE-2021-22789,Buffer Overflow Vulnerability in Modicon PLC Controllers by Schneider Electric,"A vulnerability associated with improper memory boundary restrictions exists in various Modicon PLC controllers and simulators developed by Schneider Electric. This flaw can be exploited when a specially crafted project file is used to update the controller application, potentially leading to a Denial of Service condition. The affected products include multiple models of the Modicon PLC series as well as their associated simulators, affecting numerous deployment environments.",Schneider Electric,"Modicon M580 Cpu (part Numbers Bmep* And Bmeh*, All Versions), Modicon M340 Cpu (part Numbers Bmxp34*, All Versions), Modicon Mc80 (part Numbers Bmkc80*, All Versions), Modicon Momentum Ethernet Cpu (part Numbers 171cbu*, All Versions), Plc Simulator For Ecostruxureª Control Expert, Including All Unity Pro Versions (former Name Of Ecostruxureª Control Expert, All Versions), Plc Simulator For Ecostruxureª Process Expert Including All Hdcs Versions (former Name Of Ecostruxureª Process Expert, All Versions), Modicon Quantum Cpu (part Numbers 140cpu*, All Versions), Modicon Premium Cpu (part Numbers Tsxp5*, All Versions)",6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-09-02T16:52:25.000Z,0
CVE-2020-7549,https://securityvulnerability.io/vulnerability/CVE-2020-7549,Improper Check Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in the Web Server of Schneider Electric's Modicon M340, Quantum, and Premium controllers, including associated Communication Modules. This issue arises due to an improper check for unusual conditions, potentially allowing an attacker to send a series of specially crafted requests to the controller over HTTP. As a result, this may lead to a denial of HTTP and FTP services, disrupting normal operations and potentially impacting industrial processes.",Schneider Electric,"Web Server On Modicon M340, Legacy Offers Modicon Quantum And Modicon Premium And Associated Communication Modules (see Security Notification For Affected Versions)",5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2020-12-11T00:52:26.000Z,0
CVE-2020-7543,https://securityvulnerability.io/vulnerability/CVE-2020-7543,Denial of Service Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists within Modicon controllers produced by Schneider Electric that can lead to a denial of service condition. This occurs when a specially crafted Read Physical Memory request is sent over the Modbus protocol to the affected controllers. Such exploitation may disrupt the regular operations of the devices, posing a risk to the stability and security of the control system. It is critical for users of Modicon M580, M340, Quantum, and Premium controllers to update their systems and apply necessary mitigations as per the latest security advisories.",Schneider Electric,"Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see Security Notifications For Affected Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-11T00:52:21.000Z,0
CVE-2020-7542,https://securityvulnerability.io/vulnerability/CVE-2020-7542,Improper Condition Check Vulnerability in Modicon Controllers by Schneider Electric,"A vulnerability exists in Schneider Electric's Modicon controllers, including models M580, M340, Quantum, and Premium, due to inadequate checks for exceptional conditions. When an attacker sends a specially crafted Read Physical Memory request over the Modbus protocol, it may lead to a denial of service, disrupting operations and potentially impacting the availability of the affected controllers.",Schneider Electric,"Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see Security Notifications For Affected Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-11T00:52:14.000Z,0
CVE-2020-7541,https://securityvulnerability.io/vulnerability/CVE-2020-7541,Direct Request Vulnerability in Modicon Web Server by Schneider Electric,"A vulnerability in the Web Server of Schneider Electric's Modicon M340, Modicon Quantum, and Modicon Premium products allows unauthorized disclosure of sensitive data. This occurs when a malicious actor sends specially crafted requests to the controller over HTTP. The flaw stems from improper handling of direct requests, potentially exposing critical information if exploited.",Schneider Electric,"Web Server On Modicon M340, Legacy Offers Modicon Quantum And Modicon Premium And Associated Communication Modules (see Security Notification For Affected Versions)",5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-12-11T00:52:09.000Z,0
CVE-2020-7540,https://securityvulnerability.io/vulnerability/CVE-2020-7540,Authentication Bypass in Modicon Controllers from Schneider Electric,"A Missing Authentication for Critical Function vulnerability exists in the web server of Schneider Electric’s Modicon controllers, including M340, Quantum, and Premium, as well as their associated communication modules. This flaw allows an unauthorized entity to execute commands on the controller simply by sending specially crafted HTTP requests. Such unauthorized access can lead to serious security risks and operational disruptions, making it essential for users to implement recommended security updates.",Schneider Electric,"Web Server On Modicon M340, Legacy Offers Modicon Quantum And Modicon Premium And Associated Communication Modules (see Security Notification For Affected Versions)",9.8,CRITICAL,0.0037799999117851257,false,,false,false,false,,,false,false,,2020-12-11T00:52:03.000Z,0
CVE-2020-7539,https://securityvulnerability.io/vulnerability/CVE-2020-7539,Denial of Service Vulnerability in Schneider Electric Modicon Controllers,"A vulnerability exists in the Web Server component of Schneider Electric's Modicon M340, Modicon Quantum, and Modicon Premium controllers. This issue, classified as an improper check for unusual or exceptional conditions, could lead to a denial of service when the controllers are exposed to specially crafted HTTP packets. Such an attack may disrupt the functionality of the affected devices, impacting system reliability and performance.",Schneider Electric,"Web Server On Modicon M340, Legacy Offers Modicon Quantum And Modicon Premium And Associated Communication Modules (see Security Notification For Affected Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-11T00:51:57.000Z,0
CVE-2020-7537,https://securityvulnerability.io/vulnerability/CVE-2020-7537,Improper Check for Unusual Conditions in Modicon Controllers by Schneider Electric,"A vulnerability exists in certain Modicon Controllers from Schneider Electric, particularly affecting the Modicon M580, M340, Quantum, and Premium series. This issue is classified as improper checking for unusual or exceptional conditions. It allows an attacker to potentially cause a denial of service by sending a specially crafted Read Physical Memory request via Modbus to the controller. This vulnerability raises concerns about the stability and reliability of industrial control systems, necessitating prompt attention to security alerts and patches provided by Schneider Electric.",Schneider Electric,"Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see Security Notifications For Affected Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-12-11T00:51:52.000Z,0
CVE-2020-7535,https://securityvulnerability.io/vulnerability/CVE-2020-7535,Path Traversal Flaw in Modicon Products by Schneider Electric,"A path traversal vulnerability exists in the Web Server of Schneider Electric's Modicon M340, Modicon Quantum, and Modicon Premium series, as well as in their associated communication modules. This security flaw could allow an attacker to craft specific HTTP requests that exploit improper limitations on file paths, potentially leading to the unauthorized disclosure of sensitive information.",Schneider Electric,"Web Server On Modicon M340, Legacy Offers Modicon Quantum And Modicon Premium And Associated Communication Modules (see Security Notification For Affected Versions)",7.5,HIGH,0.0033599999733269215,false,,false,false,false,,,false,false,,2020-12-11T00:51:37.000Z,0
CVE-2020-7533,https://securityvulnerability.io/vulnerability/CVE-2020-7533,Credentials Management Vulnerability in Modicon Web Servers by Schneider Electric,"A credentials management vulnerability exists in the web server component of Schneider Electric's Modicon M340, Modicon Quantum, and Modicon Premium products. This weakness allows attackers to execute commands on the web server without the need for authentication by sending specially crafted HTTP requests. This represents a significant risk, as it can lead to unauthorized access and manipulation of the device configurations.",Schneider Electric,"Web Server On Modicon M340, Modicon Quantum And Modicon Premium Legacy Offers And Their Communication Modules (see Security Notification For Version Information)",9.8,CRITICAL,0.0027199999894946814,false,,false,false,false,,,false,false,,2020-12-01T14:47:02.000Z,0
CVE-2020-7562,https://securityvulnerability.io/vulnerability/CVE-2020-7562,Out-of-Bounds Read Vulnerability in Modicon Controllers by Schneider Electric,"An Out-of-Bounds Read vulnerability is present in the Web Server of specific Modicon controllers by Schneider Electric. This issue affects the Modicon M340, Modicon Quantum, and Modicon Premium along with their respective Communication Modules. When a specially crafted file is uploaded to the controller via FTP, it may lead to a segmentation fault or even a buffer overflow, potentially compromising the system integrity.",Schneider Electric,"Web Server On Modicon M340, Modicon Quantum And Modicon Premium Legacy Offers And Their Communication Modules (see Notification For Details)",8.1,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2020-11-18T13:54:32.000Z,0
CVE-2020-7564,https://securityvulnerability.io/vulnerability/CVE-2020-7564,Buffer Overflow Vulnerability in Schneider Electric Modicon Controllers,"A buffer overflow vulnerability exists within the Web Server of Schneider Electric's Modicon M340, Modicon Quantum, and Modicon Premium Legacy products. This issue arises when a specially crafted file is uploaded via FTP to the controllers, allowing unauthorized write access and execution of commands. Proper validation of input sizes is essential to mitigate risks associated with this vulnerability. For more details, refer to the official notification.",Schneider Electric,"Web Server On Modicon M340, Modicon Quantum And Modicon Premium Legacy Offers And Their Communication Modules (see Notification For Details)",8.8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2020-11-18T13:51:16.000Z,0
CVE-2020-7563,https://securityvulnerability.io/vulnerability/CVE-2020-7563,Out-of-bounds Write Vulnerability in Modicon Web Server by Schneider Electric,"An out-of-bounds write vulnerability exists in the web server component of Schneider Electric's Modicon M340, Modicon Quantum, and Modicon Premium devices. This issue arises when a specially crafted file is uploaded to the controller over FTP, potentially leading to data corruption, system crashes, or unauthorized code execution. This vulnerability affects legacy offers and their associated communication modules, necessitating immediate attention to mitigate risks.",Schneider Electric,"Web Server On Modicon M340, Modicon Quantum And Modicon Premium Legacy Offers And Their Communication Modules (see Notification For Details)",8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2020-11-18T13:50:57.000Z,0
CVE-2020-7477,https://securityvulnerability.io/vulnerability/CVE-2020-7477,Denial of Service Vulnerability in Schneider Electric Quantum Ethernet Network Module,"A vulnerability exists in Schneider Electric’s Quantum Ethernet Network module and integrated processors, which may lead to a Denial of Service. By sending specially crafted commands over Modbus, an attacker could exploit this weakness, causing disruptions in the operation of affected devices. This flaw affects various versions of the Quantum Ethernet Network module as well as multiple processor series, highlighting the need for urgent security assessments and patches.",Schneider Electric,"Modicon Quantum Ethernet Network Module And Quantum / Premium Copro (quantum Ethernet Network Module 140noe771x1, Versions 7.0 And Prior, Quantum Processors With Integrated Ethernet – 140cpu65xxxxx, All Versions, Premium Processors With Integrated Ethernet, All Versions)",7.5,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-03-23T19:14:31.000Z,0