Modicom Premium Firmware

modicom_premium_firmware

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-7833 1Schneider Electric 4Modicom Bmxnor0200h Firmware Modicom M340 FirmwareModicom Premium Firmware+1 more Nov 21, 2024 Dec 17, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafte...Show more An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailableShow less
CVE-2018-7812 1Schneider Electric 4Modicom Bmxnor0200h Firmware Modicom M340 FirmwareModicom Premium Firmware+1 more Nov 21, 2024 Dec 17, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes...Show more An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.Show less
CVE-2018-7804 1Schneider Electric 4Modicom Bmxnor0200h Firmware Modicom M340 FirmwareModicom Premium Firmware+1 more Nov 21, 2024 Dec 17, 2018 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL...Show more A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing.Show less
CVE-2018-7831 1Schneider Electric 4Modicom Bmxnor0200h Firmware Modicom M340 FirmwareModicom Premium Firmware+1 more Nov 21, 2024 Nov 30, 2018 N/A· v4 8.8 HIGH· v3 4.3 MEDIUM· v2 An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a s...Show more An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.Show less
CVE-2018-7830 1Schneider Electric 4Modicom Bmxnor0200h Firmware Modicom M340 FirmwareModicom Premium Firmware+1 more Nov 21, 2024 Nov 30, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service c...Show more Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.Show less
CVE-2018-7811 1Schneider Electric 4Modicom Bmxnor0200h Firmware Modicom M340 FirmwareModicom Premium Firmware+1 more Nov 21, 2024 Nov 30, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password func...Show more An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web serverShow less
CVE-2018-7810 1Schneider Electric 4Modicom Bmxnor0200h Firmware Modicom M340 FirmwareModicom Premium Firmware+1 more Nov 21, 2024 Nov 30, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to c...Show more An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on.Show less
CVE-2018-7809 1Schneider Electric 4Modicom Bmxnor0200h Firmware Modicom M340 FirmwareModicom Premium Firmware+1 more Nov 21, 2024 Nov 30, 2018 N/A· v4 9.8 CRITICAL· v3 6.4 MEDIUM· v2 An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete func...Show more An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.Show less