Vulnerabilities > Schneider Electric > 140Cpu65260C Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-04-18 CVE-2018-7762 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
network
low complexity
schneider-electric CWE-119
7.5
7.5
2018-04-18 CVE-2018-7761 Improper Input Validation vulnerability in Schneider-Electric products
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
network
low complexity
schneider-electric CWE-20
critical
 9.8
9.8
2018-04-18 CVE-2018-7760 Improper Authentication vulnerability in Schneider-Electric products
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200.
network
low complexity
schneider-electric CWE-287
critical
 9.8
9.8
2018-04-18 CVE-2018-7759 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200.
network
low complexity
schneider-electric CWE-119
7.5
7.5
2018-04-18 CVE-2018-7242 Inadequate Encryption Strength vulnerability in Schneider-Electric products
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
network
low complexity
schneider-electric CWE-326
critical
 9.8
9.8
2018-04-18 CVE-2018-7241 Use of Hard-coded Credentials vulnerability in Schneider-Electric products
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
network
low complexity
schneider-electric CWE-798
critical
 9.8
9.8
2018-04-18 CVE-2018-7240 Out-of-bounds Write vulnerability in Schneider-Electric products
A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution.
network
low complexity
schneider-electric CWE-787
6.5
6.5