CPE Details
Schneider Electric MODICON M580 BMEP581020H FIRMWARE 4.02
4.02
2022-09-15
11h21 +00:00
11h21 +00:00
2022-09-15
12h27 +00:00
12h27 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:4.02:*:*:*:*:*:*:*
Informations
Vendor
schneider-electricProduct
modicon_m580_bmep581020h_firmwareVersion
4.02Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. | 8.1 |
Haute |
||
| A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions) | 9.8 |
Critique |
||
| Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller. | 9.1 |
Critique |
2025©
tesweb SA
