CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Schneider Electric 1Modicon M218 Firmware Nov 21, 2024 Feb 11, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V...Show more |
1Schneider Electric 1Modicon M218 Firmware Nov 21, 2024 Aug 31, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 prot...Show more |
1Schneider Electric 1Modicon M218 Firmware Nov 21, 2024 Jun 16, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218...Show more |
1Schneider Electric 7Ecostruxure Machine Expert Modicon M218 FirmwareModicon M241 Firmware+4 moreMay 28, 2026 Apr 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. |
1Schneider Electric 7Ecostruxure Machine Expert Modicon M218 FirmwareModicon M241 Firmware+4 moreNov 21, 2024 Apr 22, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. |