Schneider-Electric Modicon M580 Bmep585040 Firmware vulnerabilities
9 known vulnerabilities affecting schneider-electric/modicon_m580_bmep585040_firmware.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH8
Vulnerabilities
Page 1 of 1
CVE-2023-6408HIGHCVSS 8.1fixed in 4.202024-02-14
CVE-2023-6408 [HIGH] CWE-924 CVE-2023-6408:
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel v
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel vulnerability exists that could cause a denial of service and loss of
confidentiality, integrity of controllers when conducting a Man in the Middle attack.
nvd
CVE-2021-22786HIGHCVSS 7.5≤ 3.202023-02-01
CVE-2021-22786 [HIGH] CWE-200 CVE-2021-22786: A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive info
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.
nvd
CVE-2022-37301HIGHCVSS 7.5fixed in 4.012022-11-22
CVE-2022-37301 [HIGH] CWE-191 CVE-2022-37301: A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Qu
nvd
CVE-2022-37300CRITICALCVSS 9.8fixed in 4.022022-09-12
CVE-2022-37300 [CRITICAL] CWE-640 CVE-2022-37300: A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could c
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoSt
nvd
CVE-2020-7537HIGHCVSS 7.5fixed in 3.202020-12-11
CVE-2020-7537 [HIGH] CWE-754 CVE-2020-7537: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
nvd
CVE-2020-7543HIGHCVSS 7.5fixed in 3.202020-12-11
CVE-2020-7543 [HIGH] CWE-754 CVE-2020-7543: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
nvd
CVE-2020-7542HIGHCVSS 7.5fixed in 3.202020-12-11
CVE-2020-7542 [HIGH] CWE-754 CVE-2020-7542: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
nvd
CVE-2019-6855HIGHCVSS 7.3fixed in 3.102020-01-06
CVE-2019-6855 [HIGH] CWE-863 CVE-2019-6855: Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14
Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580 (all versions prior to V3.10), which could cause a bypass of the authentication process between EcoStruxure Control Expert and the M340 and M580 controlle
nvd
CVE-2018-7838HIGHCVSS 7.5fixed in 2.902019-07-15
CVE-2018-7838 [HIGH] CWE-119 CVE-2018-7838: A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V
A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes.
nvd