Vulnerabilities > Schneider Electric > Modicon Premium Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2018-7851 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products
CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could cause a denial of service to the device that would force a restart to restore availability.
network
low complexity
schneider-electric CWE-119
6.5
2019-05-22 CVE-2018-7850 Unspecified vulnerability in Schneider-Electric products
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.
network
low complexity
schneider-electric
5.0
2019-05-22 CVE-2018-7849 Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.
network
low complexity
schneider-electric CWE-755
5.0
2019-05-22 CVE-2018-7848 Information Exposure vulnerability in Schneider-Electric products
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
network
low complexity
schneider-electric CWE-200
5.0
2019-05-22 CVE-2018-7846 Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric products
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
network
low complexity
schneider-electric CWE-668
5.0
2019-05-22 CVE-2018-7845 Out-of-bounds Read vulnerability in Schneider-Electric products
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
network
low complexity
schneider-electric CWE-125
5.0
2019-05-22 CVE-2018-7843 Out-of-bounds Read vulnerability in Schneider-Electric products
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
network
low complexity
schneider-electric CWE-125
5.0