Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2019-09-17 CVE-2019-6830 Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric Modicon M580 Firmware
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (all versions prior to V2.80), which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
network
high complexity
schneider-electric CWE-755
5.9
2019-09-17 CVE-2019-6829 Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric Modicon M340 Firmware and Modicon M580 Firmware
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.
network
low complexity
schneider-electric CWE-755
7.5
2019-09-17 CVE-2019-6828 Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.
network
low complexity
schneider-electric CWE-755
7.5
2019-09-17 CVE-2019-6826 Untrusted Search Path vulnerability in Schneider-Electric Somachine Hvac 2.1.0/2.4.1
A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.
local
low complexity
schneider-electric CWE-426
7.8
2019-09-17 CVE-2019-6813 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Bmxnor0200H Firmware and Modicon M340 Firmware
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.
network
low complexity
schneider-electric CWE-754
7.5
2019-09-17 CVE-2019-6811 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes.
network
low complexity
schneider-electric CWE-754
7.5
2019-09-17 CVE-2019-6810 Unspecified vulnerability in Schneider-Electric Bmxnor0200H Firmware
A CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.
network
low complexity
schneider-electric
8.8
2019-09-17 CVE-2019-6809 Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller.
network
low complexity
schneider-electric CWE-755
7.5
2019-09-17 CVE-2018-7820 Insufficiently Protected Credentials vulnerability in Schneider-Electric products
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled.
network
low complexity
schneider-electric CWE-522
critical
9.8
2019-07-15 CVE-2019-6827 Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System
A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated.
local
low complexity
schneider-electric CWE-787
7.8