Vulnerabilities > Schneider Electric > 140Cpu65260 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-01 CVE-2020-7533 Unspecified vulnerability in Schneider-Electric products
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
network
low complexity
schneider-electric
critical
 9.8
9.8
2018-04-18 CVE-2018-7241 Use of Hard-coded Credentials vulnerability in Schneider-Electric products
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
network
low complexity
schneider-electric CWE-798
critical
 9.8
9.8
2018-04-18 CVE-2018-7242 Inadequate Encryption Strength vulnerability in Schneider-Electric products
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
network
low complexity
schneider-electric CWE-326
critical
 9.8
9.8
2018-04-18 CVE-2018-7760 Improper Authentication vulnerability in Schneider-Electric products
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200.
network
low complexity
schneider-electric CWE-287
critical
 9.8
9.8
2018-04-18 CVE-2018-7761 Improper Input Validation vulnerability in Schneider-Electric products
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
network
low complexity
schneider-electric CWE-20
critical
 9.8
9.8