Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Schneider-electric Subscribe
Total 675 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7486 1 Schneider-electric 12 Tricon Tcm 4351, Tricon Tcm 4351 Firmware, Tricon Tcm 4351a and 9 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.
CVE-2018-7856 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible denial of Service when writing invalid memory blocks to the controller over Modbus.
CVE-2018-7857 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a possible Denial of Service when writing out of bounds variables to the controller over Modbus.
CVE-2018-7855 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus
CVE-2018-7852 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.
CVE-2018-7853 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
CVE-2018-7854 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.
CVE-2018-7850 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 5.3 MEDIUM
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software.
CVE-2018-7848 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading files from the controller over Modbus
CVE-2018-7849 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause a possible Denial of Service due to improper data integrity check when sending files the controller over Modbus.
CVE-2018-7847 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 7.5 HIGH 9.8 CRITICAL
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the controller over Modbus.
CVE-2018-7846 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 9.8 CRITICAL
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Modbus protocol to the controller.
CVE-2018-7843 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus.
CVE-2018-7845 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus.
CVE-2018-7844 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
CVE-2018-7842 1 Schneider-electric 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more 2022-02-03 7.5 HIGH 9.8 CRITICAL
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller.
CVE-2013-0662 2 Schneider-electric, Schneider Electric 13 Concept, Modbus Serial Driver, Modbuscommdtm Sl and 10 more 2022-02-03 9.3 HIGH N/A
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
CVE-2020-7559 1 Schneider-electric 1 Ecostruxure Control Expert 2022-02-03 5.0 MEDIUM 7.5 HIGH
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.
CVE-2017-6030 1 Schneider-electric 6 Modicon M221, Modicon M221 Firmware, Modicon M241 and 3 more 2022-02-03 6.4 MEDIUM 6.5 MEDIUM
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.
CVE-2017-6028 1 Schneider-electric 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more 2022-02-03 5.0 MEDIUM 9.8 CRITICAL
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.