Schneider-electric Modicon M340 Bmxp342030 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Schneider-electric Modicon M340 Bmxp342030 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2014-0754 — CVSS 10.0 (critical): Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x…
CVE-2022-37300 — CVSS 9.8 (critical): A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and…
CVE-2021-22779 — CVSS 9.1 (critical): Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all…
CVE-2023-6408 — CVSS 8.1 (high): CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a…
CVE-2022-45789 — CVSS 8.1 (high): A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the…
CVE-2021-22786 — CVSS 7.5 (high): A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the…
CVE-2017-6017 — CVSS 7.5 (high): A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H…
CVE-2022-0222 — CVSS 7.5 (high): A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the…
CVE-2022-22724 — CVSS 7.5 (high): A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus)…
CVE-2022-45788 — CVSS 7.5 (high): A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of…
CVE-2015-6461 — CVSS 5.4 (medium): Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100…
CVE-2015-6462 — CVSS 5.4 (medium): Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed…
CVE-2013-2763 — CVSS 5.0 (medium): The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors…