Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Schneider-electric Subscribe
Total 675 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22701 1 Schneider-electric 21 Powerlogic Ion7400, Powerlogic Ion7400 Firmware, Powerlogic Ion7410 and 18 more 2022-02-03 3.5 LOW 4.5 MEDIUM
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.
CVE-2020-7566 1 Schneider-electric 2 Modicon M221, Modicon M221 Firmware 2022-02-03 4.3 MEDIUM 7.3 HIGH
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.
CVE-2020-7565 1 Schneider-electric 2 Modicon M221, Modicon M221 Firmware 2022-02-03 4.3 MEDIUM 7.3 HIGH
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.
CVE-2021-22699 1 Schneider-electric 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more 2022-02-03 7.8 HIGH 7.5 HIGH
Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP.
CVE-2020-7511 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.
CVE-2020-7510 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.
CVE-2020-7488 1 Schneider-electric 11 Ecostruxure Machine Expert, Modicon M218, Modicon M218 Firmware and 8 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.
CVE-2020-7487 1 Schneider-electric 11 Ecostruxure Machine Expert, Modicon M218, Modicon M218 Firmware and 8 more 2022-02-03 7.5 HIGH 9.8 CRITICAL
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.
CVE-2020-28214 1 Schneider-electric 2 Modicon M221, Modicon M221 Firmware 2022-02-03 2.1 LOW 5.5 MEDIUM
A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.
CVE-2020-28220 1 Schneider-electric 4 Modicon M258, Modicon M258 Firmware, Somachine and 1 more 2022-02-03 5.2 MEDIUM 6.8 MEDIUM
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.
CVE-2019-6851 1 Schneider-electric 46 Modicon M340, Modicon M340 Firmware, Modicon M580 and 43 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.
CVE-2020-7475 1 Schneider-electric 6 Ecostruxure Control Expert, Modicon M340, Modicon M340 Firmware and 3 more 2022-02-03 7.5 HIGH 9.8 CRITICAL
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), Modicon M580 (all versions prior to V3.10), which, if exploited, could allow attackers to transfer malicious code to the controller.
CVE-2019-6847 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2022-02-03 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the FTP service when upgrading the firmware with a version incompatible with the application in the controller using FTP protocol.
CVE-2019-6845 1 Schneider-electric 46 Modicon M340, Modicon M340 Firmware, Modicon M580 and 43 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.
CVE-2019-6844 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2022-02-03 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid web server image using FTP protocol.
CVE-2019-6846 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2022-02-03 4.3 MEDIUM 6.5 MEDIUM
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.
CVE-2019-6841 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2022-02-03 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with no firmware image inside the package using FTP protocol.
CVE-2019-6842 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2022-02-03 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol.
CVE-2019-6843 1 Schneider-electric 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more 2022-02-03 4.0 MEDIUM 4.9 MEDIUM
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware (version prior to V3.10), Modicon M340 (all firmware versions), and Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the controller with an empty firmware package using FTP protocol.
CVE-2019-6859 1 Schneider-electric 20 140 Cpu6x, 140 Cpu6x Firmware, 140 Noc 77101 and 17 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.