Schneider-electric Bmxnoe0100 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Bmxnoe0100 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2020-7540 — CVSS 9.8 (critical): A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon…
CVE-2020-7533 — CVSS 9.8 (critical): CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication…
CVE-2017-6017 — CVSS 7.5 (high): A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H…
CVE-2020-7535 — CVSS 7.5 (high): A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web…
CVE-2020-7536 — CVSS 7.5 (high): A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30)…
CVE-2020-7539 — CVSS 7.5 (high): A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers…
CVE-2021-22785 — CVSS 7.5 (high): A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to…
CVE-2021-22787 — CVSS 7.5 (high): A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a…
CVE-2021-22788 — CVSS 7.5 (high): A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP…
CVE-2024-5056 — CVSS 6.5 (medium): CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and…
CVE-2015-6462 — CVSS 5.4 (medium): Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed…
CVE-2015-6461 — CVSS 5.4 (medium): Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100…
CVE-2020-7549 — CVSS 5.3 (medium): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers…
CVE-2020-7541 — CVSS 5.3 (medium): A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and…