Vulnerabilities (CVE)

Filtered by vendor Schneider-electric Subscribe
Total 732 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-29412 2 Microsoft, Schneider-electric 7 Windows 10, Windows 11, Windows Server 2016 and 4 more 2024-06-12 N/A 9.8 CRITICAL
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.
CVE-2022-26507 2 Att, Schneider-electric 9 Xmill, Ecostruxure Control Expert, Ecostruxure Process Expert and 6 more 2024-05-17 7.5 HIGH 9.8 CRITICAL
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-22768 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-05-17 7.5 HIGH 9.8 CRITICAL
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-22767
CVE-2021-22767 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-05-17 7.5 HIGH 9.8 CRITICAL
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is unique from CVE-2021-2276
CVE-2021-22766 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-05-17 5.0 MEDIUM 7.5 HIGH
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP packet
CVE-2021-22765 1 Schneider-electric 4 Powerlogic Egx100, Powerlogic Egx100 Firmware, Powerlogic Egx300 and 1 more 2024-05-17 7.5 HIGH 9.8 CRITICAL
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet
CVE-2013-2763 1 Schneider-electric 24 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 21 more 2024-05-17 5.0 MEDIUM N/A
The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions.
CVE-2020-7534 1 Schneider-electric 20 140cpu65, 140cpu65 Firmware, 140noc78000 and 17 more 2024-04-10 6.8 MEDIUM 8.8 HIGH
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)
CVE-2018-7760 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2024-04-10 7.5 HIGH 9.8 CRITICAL
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.
CVE-2020-7537 1 Schneider-electric 38 Modicon M340 Bmxp341000, Modicon M340 Bmxp341000 Firmware, Modicon M340 Bmxp342000 and 35 more 2024-04-10 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
CVE-2020-7533 1 Schneider-electric 32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more 2024-04-10 7.5 HIGH 9.8 CRITICAL
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
CVE-2019-6819 1 Schneider-electric 38 Bmeh582040, Bmeh582040c, Bmeh584040 and 35 more 2024-04-10 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.
CVE-2020-7540 1 Schneider-electric 46 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 43 more 2024-04-10 7.5 HIGH 9.8 CRITICAL
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
CVE-2020-7535 1 Schneider-electric 42 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 39 more 2024-04-10 5.0 MEDIUM 7.5 HIGH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
CVE-2021-22785 1 Schneider-electric 28 140cpu65150, 140cpu65150 Firmware, 140noc77101 and 25 more 2024-04-10 5.0 MEDIUM 7.5 HIGH
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
CVE-2017-6017 1 Schneider-electric 30 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 27 more 2024-04-10 7.8 HIGH 7.5 HIGH
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.
CVE-2020-7542 1 Schneider-electric 40 140cpu65150, 140cpu65150 Firmware, Modicon M340 Bmxp341000 and 37 more 2024-04-10 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
CVE-2015-6461 1 Schneider-electric 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more 2024-04-10 5.5 MEDIUM 5.4 MEDIUM
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.
CVE-2018-7762 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2024-04-10 5.0 MEDIUM 7.5 HIGH
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
CVE-2018-7241 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2024-04-10 10.0 HIGH 9.8 CRITICAL
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.