← Back

Opc Ua Module For M580 Firmware

opc_ua_module_for_m580_firmware

Vendor: Schneider Electric • 7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-34765
1Schneider Electric
2Opc Ua Module For M580 Firmware
X80 Advanced Rtu Module Firmware
Nov 21, 2024
Jul 13, 2022
N/A· v4
5.3 MEDIUM· v3
N/A· v2
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Com...Show more
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)Show less
CVE-2022-34764
1Schneider Electric
2Opc Ua Module For M580 Firmware
X80 Advanced Rtu Module Firmware
Nov 21, 2024
Jul 13, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (B...Show more
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)Show less
CVE-2022-34763
1Schneider Electric
2Opc Ua Module For M580 Firmware
X80 Advanced Rtu Module Firmware
Nov 21, 2024
Jul 13, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advan...Show more
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)Show less
CVE-2022-34762
1Schneider Electric
2Opc Ua Module For M580 Firmware
X80 Advanced Rtu Module Firmware
Nov 21, 2024
Jul 13, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path...Show more
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)Show less
CVE-2022-34761
1Schneider Electric
2Opc Ua Module For M580 Firmware
X80 Advanced Rtu Module Firmware
Nov 21, 2024
Jul 13, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01...Show more
A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)Show less
CVE-2022-34760
1Schneider Electric
2Opc Ua Module For M580 Firmware
X80 Advanced Rtu Module Firmware
Nov 21, 2024
Jul 13, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Co...Show more
A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)Show less
CVE-2022-34759
1Schneider Electric
2Opc Ua Module For M580 Firmware
X80 Advanced Rtu Module Firmware
Nov 21, 2024
Jul 13, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H...Show more
A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)Show less