Vulnerabilities > Schneider Electric > Modicon Quantum Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-22 | CVE-2018-7844 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. | 7.5 |
| 2019-05-22 | CVE-2019-6821 | Use of Insufficiently Random Values vulnerability in Schneider-Electric products CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. | 6.5 |
| 2019-05-22 | CVE-2019-6819 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. | 7.5 |
| 2019-05-22 | CVE-2019-6816 | Code Injection vulnerability in Schneider-Electric Modicon Quantum Firmware In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol. | 9.1 |
| 2019-05-22 | CVE-2019-6815 | Unspecified vulnerability in Schneider-Electric Modicon Quantum Firmware In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol. | 9.1 |
| 2019-05-22 | CVE-2018-7852 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. | 7.5 |
| 2019-05-22 | CVE-2018-7850 | Unspecified vulnerability in Schneider-Electric products A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software. | 5.3 |
| 2019-05-22 | CVE-2018-7849 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. | 7.5 |
| 2019-05-22 | CVE-2018-7848 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus | 7.5 |
| 2019-05-22 | CVE-2018-7847 | Improper Authentication vulnerability in Schneider-Electric products A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus. | 9.8 |