Skip to main content

Modicon M340 Bmxp3420302Cl Firmware

15 CVEs product

Monthly

CVE-2020-7549 MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +15
NVD VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-7543 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +12
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7542 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7541 MEDIUM This Month

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +16
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-7540 CRITICAL Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +19
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-7539 HIGH This Week

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7537 HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware Modicon M580 Bmep586040 Firmware Modicon M580 Bmep585040 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-7536 HIGH This Week

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-7535 HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp3420102 Firmware Modicon M340 Bmxp3420102Cl Firmware +17
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2018-7762 HIGH This Week

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-7761 CRITICAL Act Now

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-7760 CRITICAL Act Now

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-7759 HIGH This Week

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-7242 CRITICAL Act Now

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-7241 CRITICAL Act Now

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
9.8
EPSS
3.8%
EPSS 1% CVSS 5.3
MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +17
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware +14
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware +18
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +18
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +21
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +18
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Bmep584040 Firmware Modicon M580 Bmep582040 Firmware +17
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) Modicon M340 Communication Ethernet modules (BMXNOE0100 (H). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp342000 Firmware +19
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware +56
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Bmxnor0200 Firmware +56
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware +56
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware +56
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Bmxnor0200 Firmware +56
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Bmxnor0200 Firmware +56
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy