Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Schneider-electric Subscribe
Filtered by product Bmxp341000

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7533 1 Schneider-electric 32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more 2022-04-25 7.5 HIGH 9.8 CRITICAL
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
CVE-2020-7540 1 Schneider-electric 46 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 43 more 2020-12-14 7.5 HIGH 9.8 CRITICAL
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
CVE-2018-7241 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2018-12-05 10.0 HIGH 9.8 CRITICAL
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.
CVE-2018-7242 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2018-12-05 5.0 MEDIUM 9.8 CRITICAL
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.
CVE-2018-7761 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2018-05-24 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
CVE-2018-7760 1 Schneider-electric 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more 2018-05-24 7.5 HIGH 9.8 CRITICAL
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.