Vulnerabilities (CVE)

Filtered by vendor Schneider-electric Subscribe
Filtered by product Modicon M580
Total 40 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-25620 1 Schneider-electric 16 140cpu65, 140cpu65 Firmware, Bmeh58s and 13 more 2024-02-28 N/A 6.5 MEDIUM
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller by an authenticated user.
CVE-2023-25619 1 Schneider-electric 14 Bmeh58s, Bmeh58s Firmware, Bmep58s and 11 more 2024-02-28 N/A 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when communicating over the Modbus TCP protocol.
CVE-2020-7475 1 Schneider-electric 6 Ecostruxure Control Expert, Modicon M340, Modicon M340 Firmware and 3 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.
CVE-2019-6842 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.
CVE-2019-6848 1 Schneider-electric 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more 2024-02-28 5.0 MEDIUM 8.6 HIGH
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication module (BMENOC0311, BMENOC0321) (see notification for version info), which could cause a Denial of Service attack on the PLC when sending specific data on the REST API of the controller/communication module.
CVE-2019-6851 1 Schneider-electric 46 Modicon M340, Modicon M340 Firmware, Modicon M580 and 43 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.
CVE-2019-6856 1 Schneider-electric 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.
CVE-2019-6857 1 Schneider-electric 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP.
CVE-2019-6849 1 Schneider-electric 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when using specific Modbus services provided by the REST API of the controller/communication module.
CVE-2019-6847 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol.
CVE-2019-6850 1 Schneider-electric 6 Modicon Bmenoc 0311, Modicon Bmenoc 0311 Firmware, Modicon Bmenoc 0321 and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-200: Information Exposure vulnerability exists in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321, which could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module.
CVE-2019-6846 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.
CVE-2019-6845 1 Schneider-electric 46 Modicon M340, Modicon M340 Firmware, Modicon M580 and 43 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.
CVE-2019-6844 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol.
CVE-2019-6841 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.
CVE-2018-7794 1 Schneider-electric 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.
CVE-2019-6843 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.
CVE-2019-6821 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-02-28 6.4 MEDIUM 6.5 MEDIUM
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
CVE-2018-7848 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
CVE-2018-7845 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.