Vulnerabilities > Schneider Electric > Modicom M340 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-17 | CVE-2018-7833 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable | 7.5 |
| 2018-12-17 | CVE-2018-7812 | Information Exposure vulnerability in Schneider-Electric products An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. | 7.5 |
| 2018-11-30 | CVE-2018-7831 | Cross-site Scripting vulnerability in Schneider-Electric products An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. | 8.8 |
| 2018-11-30 | CVE-2018-7830 | HTTP Response Splitting vulnerability in Schneider-Electric products Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request. | 7.5 |