Schneider-Electric Modicon M580 Bmeh586040 Firmware vulnerabilities
5 known vulnerabilities affecting schneider-electric/modicon_m580_bmeh586040_firmware.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4
Vulnerabilities
Page 1 of 1
CVE-2023-6408HIGHCVSS 8.1fixed in 4.202024-02-14
CVE-2023-6408 [HIGH] CWE-924 CVE-2023-6408:
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel v
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel vulnerability exists that could cause a denial of service and loss of
confidentiality, integrity of controllers when conducting a Man in the Middle attack.
nvd
CVE-2021-22786HIGHCVSS 7.5≤ 3.202023-02-01
CVE-2021-22786 [HIGH] CWE-200 CVE-2021-22786: A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive info
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.
nvd
CVE-2022-37301HIGHCVSS 7.5fixed in 4.012022-11-22
CVE-2022-37301 [HIGH] CWE-191 CVE-2022-37301: A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Qu
nvd
CVE-2022-37300CRITICALCVSS 9.8fixed in 4.022022-09-12
CVE-2022-37300 [CRITICAL] CWE-640 CVE-2022-37300: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could c
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoSt
nvd
CVE-2019-6855HIGHCVSS 7.3fixed in 3.102020-01-06
CVE-2019-6855 [HIGH] CWE-863 CVE-2019-6855: Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controlle
nvd