Schneider-Electric Modicon M580 Bmeh586040C Firmware vulnerabilities
4 known vulnerabilities affecting schneider-electric/modicon_m580_bmeh586040c_firmware.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3
Vulnerabilities
CVE-2023-6408 | HIGH | CVSS 8.1 | fixed in 4.20 | 2024-02-14
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel vulnerability exists that could cause a denial of service and loss of
confidentiality, integrity of controllers when conducting a Man in the Middle attack.
Source: NVD
CVE-2021-22786 | HIGH | CVSS 7.5 | ≤ 3.20 | 2023-02-01
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.
Source: NVD
CVE-2022-37301 | HIGH | CVSS 7.5 | fixed in 4.01 | 2022-11-22
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Qu
Source: NVD
CVE-2022-37300 | CRITICAL | CVSS 9.8 | fixed in 4.02 | 2022-09-12
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoSt
Source: NVD