Vulnerabilities > Schneider Electric

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2018-7856 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.
network
low complexity
schneider-electric CWE-754
7.5
2019-05-22 CVE-2018-7855 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus
network
low complexity
schneider-electric CWE-754
7.5
2019-05-22 CVE-2018-7854 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.
network
low complexity
schneider-electric CWE-754
7.5
2019-05-22 CVE-2018-7853 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
network
low complexity
schneider-electric CWE-754
7.5
2019-05-22 CVE-2018-7844 Information Exposure vulnerability in Schneider-Electric products
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
network
low complexity
schneider-electric CWE-200
7.5
2019-05-22 CVE-2018-7803 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric Triconex Tristation Emulator 1.2.0
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet.
network
high complexity
schneider-electric CWE-754
5.9
2019-05-22 CVE-2019-6821 Use of Insufficiently Random Values vulnerability in Schneider-Electric products
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
network
low complexity
schneider-electric CWE-330
6.5
2019-05-22 CVE-2019-6820 Missing Authentication for Critical Function vulnerability in Schneider-Electric products
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2
network
low complexity
schneider-electric CWE-306
8.2
2019-05-22 CVE-2019-6819 Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.
network
low complexity
schneider-electric CWE-754
7.5
2019-05-22 CVE-2019-6816 Code Injection vulnerability in Schneider-Electric Modicon Quantum Firmware
In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.
network
low complexity
schneider-electric CWE-94
critical
9.1