Schneider-Electric Modicon M340 BMX P34-2030

CPE Details

Schneider-Electric Modicon M340 BMX P34-2030
schneider-electric
modicon_m340_bmx_p34-2030
-
2020-12-01
13h55 +00:00
2021-05-11
15h04 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:h:schneider-electric:modicon_m340_bmx_p34-2030:-:*:*:*:*:*:*:*

Informations

Vendor

schneider-electric

Product

modicon_m340_bmx_p34-2030

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-37301 2022-11-21 23h00 +00:00 A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior)
7.5
Haute
CVE-2020-7562 2020-11-18 12h54 +00:00 A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.
8.1
Haute
CVE-2020-7564 2020-11-18 12h51 +00:00 A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.
8.8
Haute
CVE-2020-7563 2020-11-18 12h50 +00:00 A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.
8.8
Haute
CVE-2013-2763 2013-04-04 10h00 +00:00 The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions.
5