Vulnerabilities - Yack CVE

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-6837 1Schneider Electric 4Meg6260 0410 Firmware Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more Jun 17, 2026 Sep 17, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG62...Show more A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.Show less
CVE-2019-6836 1Schneider Electric 4Meg6260 0410 Firmware Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more Jun 17, 2026 Sep 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U...Show more A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file.Show less
CVE-2019-6835 1Schneider Electric 4Meg6260 0410 Firmware Meg6260 0415 FirmwareMeg6501 0001 Firmware+1 more Jun 17, 2026 Sep 17, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 -...Show more A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page.Show less
CVE-2019-6833 1Schneider Electric 9Hmigto Firmware Hmigtu FirmwareHmigxo Firmware+6 more Jun 17, 2026 Sep 17, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which...Show more A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.Show less
CVE-2019-6832 1Schneider Electric 2Spacelynk Firmware Wiser For Knx Firmware Jun 17, 2026 Sep 17, 2019 N/A· v4 8.3 HIGH· v3 6.8 MEDIUM· v2 A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypas...Show more A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.Show less
CVE-2019-6831 1Schneider Electric 1Bmxnor0200h Firmware Jun 17, 2026 Sep 17, 2019 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unus...Show more A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP.Show less
CVE-2019-6830 1Schneider Electric 1Modicon M580 Firmware Jun 17, 2026 Sep 17, 2019 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller.
CVE-2019-6829 1Schneider Electric 2Modicon M340 Firmware Modicon M580 Firmware Jun 17, 2026 Sep 17, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to spec...Show more A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.Show less
CVE-2019-6828 1Schneider Electric 4Modicon M340 Firmware Modicon M580 FirmwareModicon Premium Firmware+1 more Jun 17, 2026 Sep 17, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which...Show more A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus.Show less
CVE-2019-6827 1Schneider Electric 1Interactive Graphical Scada System Jun 17, 2026 Jul 15, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System (IGSS), Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated.
CVE-2019-6826 1Schneider Electric 1Somachine Hvac Jun 17, 2026 Sep 17, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded...Show more A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.Show less
CVE-2019-6825 1Schneider Electric 1Proclima Jun 17, 2026 Jul 15, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software insta...Show more A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow a malicious DLL file, with the same name of any resident DLLs inside the software installation, to execute arbitrary code in all versions of ProClima prior to version 8.0.0.Show less
CVE-2019-6824 1Schneider Electric 1Proclima Jun 17, 2026 Jul 15, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClim...Show more A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.Show less
CVE-2019-6823 1Schneider Electric 1Proclima Jun 17, 2026 Jul 15, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of Pr...Show more A CWE-94: Code Injection vulnerability exists in ProClima (all versions prior to version 8.0.0) which could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.Show less
CVE-2019-6822 1Schneider Electric 1Zelio Soft 2 Jun 17, 2026 Jul 15, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
CVE-2019-6821 1Schneider Electric 4Modicon M340 Firmware Modicon M580 FirmwareModicon Premium Firmware+1 more Jun 17, 2026 May 22, 2019 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versi...Show more CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.Show less
CVE-2019-6820 1Schneider Electric 12Atv Imc Drive Controller Firmware Modicon Lmc058 FirmwareModicon Lmc078 Firmware+9 more Jun 17, 2026 May 22, 2019 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is...Show more A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2Show less
CVE-2019-6819 1Schneider Electric 4Modicon M340 Firmware Modicon M580 FirmwareModicon Premium Firmware+1 more Jun 17, 2026 May 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - f...Show more A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.Show less
CVE-2019-6816 1Schneider Electric 1Modicon Quantum Firmware Jun 17, 2026 May 22, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.
CVE-2019-6815 1Schneider Electric 1Modicon Quantum Firmware Jun 17, 2026 May 22, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP...Show more In Modicon Quantum all firmware versions, CWE-264: Permissions, Privileges, and Access Control vulnerabilities could cause a denial of service or unauthorized modifications of the PLC configuration when using Ethernet/IP protocol.Show less
CVE-2019-6814 1Schneider Electric 7Net5500 Firmware Net5501 I FirmwareNet5501 Xt Firmware+4 more Jun 17, 2026 May 22, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts...Show more A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.Show less
CVE-2019-6813 1Schneider Electric 2Bmxnor0200h Firmware Modicon M340 Firmware Jun 17, 2026 Sep 17, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could ca...Show more A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.Show less
CVE-2019-6812 1Schneider Electric 1Bmx Nor 0200h Firmware Jun 17, 2026 May 22, 2019 N/A· v4 7.2 HIGH· v3 4.0 MEDIUM· v2 A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol.
CVE-2019-6811 1Schneider Electric 2Modicon Quantum 140noe77101 Firmware Modicon Quantum 140noe77111 Firmware Jun 17, 2026 Sep 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmente...Show more An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover.Show less
CVE-2019-6810 1Schneider Electric 1Bmxnor0200h Firmware Jun 17, 2026 Sep 17, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 prot...Show more CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.Show less

Previous 1...727374...14337 Next

Vulnerabilities (CVE)