Vulnerabilities > Schneider Electric > Modicon M580 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-29 | CVE-2019-6845 | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric products A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. | 5.0 |
| 2019-10-29 | CVE-2019-6844 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol. | 4.0 |
| 2019-10-29 | CVE-2019-6843 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol. | 4.0 |
| 2019-10-29 | CVE-2019-6842 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol. | 4.0 |
| 2019-10-29 | CVE-2019-6841 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol. | 4.0 |
| 2019-09-17 | CVE-2019-6830 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric Modicon M580 Firmware A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. | 5.9 |
| 2019-05-22 | CVE-2019-6807 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of service when writing sensitive application variables to the controller over Modbus. | 5.0 |
| 2019-05-22 | CVE-2019-6806 | Unspecified vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading variables in the controller using Modbus. | 5.0 |
| 2019-05-22 | CVE-2018-7857 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus. | 5.0 |
| 2019-05-22 | CVE-2018-7856 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus. | 5.0 |