RSS   Vulnerabilities for 'Bmxnor0200h firmware'   RSS

2019-09-17
 
CVE-2019-6831

CWE-754
 

 
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP.

 
 
CVE-2019-6813

CWE-754
 

 
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.

 
 
CVE-2019-6810

CWE-863
 

 
CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol.

 
2019-03-21
 
CVE-2015-6462

CWE-79
 

 
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.

 
 
CVE-2015-6461

CWE-20
 

 
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.

 
2018-04-18
 
CVE-2018-7762

CWE-119
 

 
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.

 
 
CVE-2018-7761

CWE-20
 

 
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.

 
 
CVE-2018-7760

CWE-287
 

 
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.

 
 
CVE-2018-7759

CWE-119
 

 
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.

 
 
CVE-2018-7242

CWE-326
 

 
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.

 


Copyright 2022, cxsecurity.com

 

Back to Top