Vulnerabilities (CVE)

Filtered by vendor Schneider-electric Subscribe

Filtered by product Bmxnoc0401

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-7533	1 Schneider-electric	32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more	2022-04-25	7.5 HIGH	9.8 CRITICAL
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
CVE-2020-7540	1 Schneider-electric	46 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 43 more	2020-12-14	7.5 HIGH	9.8 CRITICAL
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.