Schneider-electric Modicon M340 Bmxp3420102 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Modicon M340 Bmxp3420102 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2018-7761 — CVSS 9.8 (critical): A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200…
CVE-2020-7540 — CVSS 9.8 (critical): A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon…
CVE-2018-7242 — CVSS 9.8 (critical): Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all…
CVE-2020-7533 — CVSS 9.8 (critical): CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication…
CVE-2022-37300 — CVSS 9.8 (critical): A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and…
CVE-2018-7241 — CVSS 9.8 (critical): Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all…
CVE-2022-45789 — CVSS 8.1 (high): A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the…
CVE-2023-6408 — CVSS 8.1 (high): CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a…
CVE-2021-22786 — CVSS 7.5 (high): A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the…
CVE-2022-0222 — CVSS 7.5 (high): A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the…
CVE-2022-22724 — CVSS 7.5 (high): A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus)…
CVE-2020-7539 — CVSS 7.5 (high): A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers…
CVE-2018-7759 — CVSS 7.5 (high): A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer…
CVE-2018-7762 — CVSS 7.5 (high): A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum…
CVE-2020-7535 — CVSS 7.5 (high): A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web…
CVE-2020-7536 — CVSS 7.5 (high): A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30)…
CVE-2020-7537 — CVSS 7.5 (high): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers…
CVE-2017-6017 — CVSS 7.5 (high): A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H…
CVE-2020-7542 — CVSS 7.5 (high): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers…
CVE-2020-7543 — CVSS 7.5 (high): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers…
CVE-2022-45788 — CVSS 7.5 (high): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of…
CVE-2019-6855 — CVSS 7.3 (high): Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions)…
CVE-2020-7541 — CVSS 5.3 (medium): A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and…
CVE-2020-7549 — CVSS 5.3 (medium): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers…