Schneider Electric Modicon M580 CPU Safety vulnerabilities
7 known vulnerabilities affecting schneider_electric/modicon_m580_cpu_safety.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 1
Vulnerabilities
CVE-2024-11425 | HIGH | CVSS 8.7 | Versions prior to SV4.21 | 2025-01-17
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the
product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.
Sources: cvelistv5, nvd
CVE-2023-6408 | HIGH | CVSS 8.1 | All Versions | 2024-02-14
CWE-924: Improper Enforcement of Message Integrity During Transmission in a
Communication Channel vulnerability exists that could cause a denial of service and loss of
confidentiality, integrity of controllers when conducting a Man in the Middle attack.
Sources: cvelistv5, nvd
CVE-2023-25619 | HIGH | CVSS 7.5 | All | 2023-04-19
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that
could cause denial of service of the controller when communicating over the Modbus TCP
protocol.
Sources: cvelistv5, nvd
CVE-2023-25620 | MEDIUM | CVSS 6.5 | All | 2023-04-19
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that
could cause denial of service of the controller when a malicious project file is loaded onto the
controller by an authenticated user.
Sources: cvelistv5, nvd
CVE-2021-22786 | HIGH | CVSS 7.5 | All Versions | 2023-02-01
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.
Sources: cvelistv5, nvd
CVE-2022-45789 | CRITICAL | CVSS 9.8 | All Versions | 2023-01-31
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All V
Sources: cvelistv5, nvd
CVE-2022-45788 | CRITICAL | CVSS 9.8 | All Versions | 2023-01-30
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions
Sources: cvelistv5, nvd