Schneider-Electric Modicon M340 Bmxp342020H Firmware vulnerabilities
5 known vulnerabilities affecting schneider-electric/modicon_m340_bmxp342020h_firmware.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4
Vulnerabilities
CVE-2023-6408 | HIGH | CVSS 8.1 | fixed in 3.60 | 2024-02-14
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel vulnerability exists that could cause a denial of service and loss of
confidentiality, integrity of controllers when conducting a Man in the Middle attack.
nvd
CVE-2021-22786 | HIGH | CVSS 7.5 | fixed in 3.40 | 2023-02-01
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.
nvd
CVE-2022-0222 | HIGH | CVSS 7.5 | fixed in 3.50 | 2022-11-22
A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affected products: Modicon M340 CPUs (BMXP34* versions prior to V3.40), Modicon M340 X80 Ethernet Communication modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOR0200H RT
nvd
CVE-2022-37300 | CRITICAL | CVSS 9.8 | fixed in 3.50 | 2022-09-12
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoSt
nvd
CVE-2017-6017 | HIGH | CVSS 7.5 | v2.8 | 2017-06-30
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC cau
nvd