Vulnerabilities > Schneider Electric > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-22 | CVE-2018-7853 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus | 7.5 |
| 2019-05-22 | CVE-2018-7844 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus. | 7.5 |
| 2019-05-22 | CVE-2019-6820 | Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2 | 8.2 |
| 2019-05-22 | CVE-2019-6819 | Improper Check for Unusual or Exceptional Conditions vulnerability in Schneider-Electric products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. | 7.5 |
| 2019-05-22 | CVE-2019-6812 | Use of Hard-coded Credentials vulnerability in Schneider-Electric Bmx-Nor-0200H Firmware 1.7 A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol. | 7.2 |
| 2019-05-22 | CVE-2018-7852 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. | 7.5 |
| 2019-05-22 | CVE-2018-7849 | Improper Handling of Exceptional Conditions vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus. | 7.5 |
| 2019-05-22 | CVE-2018-7848 | Information Exposure vulnerability in Schneider-Electric products A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus | 7.5 |
| 2019-05-22 | CVE-2018-7845 | Out-of-bounds Read vulnerability in Schneider-Electric products A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus. | 7.5 |
| 2019-05-22 | CVE-2018-7843 | Out-of-bounds Read vulnerability in Schneider-Electric products A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. | 7.5 |