Skip to main content

Modicon M340 Bmxp342020H Firmware

10 CVEs product

Monthly

CVE-2022-0222 HIGH This Week

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp342010 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-37300 CRITICAL PATCH Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +32
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2018-7762 HIGH This Week

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-7761 CRITICAL Act Now

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-7760 CRITICAL Act Now

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-7759 HIGH This Week

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-7242 CRITICAL Act Now

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-7241 CRITICAL Act Now

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2017-6017 HIGH This Week

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Bmxnoc0401 Firmware Bmxnoe0100 Firmware Bmxnoe0110 Firmware +12
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2014-0754 CRITICAL PATCH Act Now

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.9%.

Path Traversal Schneider Electric Stbnic2212 Firmware Stbnip2212 Firmware Tsxetc0101 Firmware +40
NVD
CVSS 2.0
10.0
EPSS
18.9%
EPSS 1% CVSS 7.5
HIGH This Week

A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Modicon M340 Bmxp341000 Firmware +13
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert +34
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware +56
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Bmxnor0200 Firmware +56
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware +56
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware +56
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Bmxnor0200 Firmware +56
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware +56
NVD
EPSS 5% CVSS 7.5
HIGH This Week

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Schneider Electric Bmxnoc0401 Firmware +14
NVD
EPSS 19% CVSS 10.0
CRITICAL PATCH Act Now

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.9%.

Path Traversal Schneider Electric Stbnic2212 Firmware +42
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy