Skip to main content

Modicon M340 Bmxp342010 Firmware

4 CVEs product

Monthly

CVE-2022-0222 HIGH This Week

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp342010 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37300 CRITICAL PATCH Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +32
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-22779 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect Modicon M580 Bmep581020 Firmware +28
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2013-2763 MEDIUM This Month

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Modicon M340 Bmx Noc 0401 Firmware Modicon M340 Bmx Noe 0100 Firmware Modicon M340 Bmx Noe 0100H Firmware +9
NVD
CVSS 2.0
5.0
EPSS
0.7%
EPSS 1% CVSS 7.5
HIGH This Week

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Modicon M340 Bmxp341000 Firmware +13
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert +34
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert +30
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Modicon M340 Bmx Noc 0401 Firmware +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy