Vulnerabilities for Bmxp3420102 firmware (...) - CXSECURITY.COM

Vulnerabilities for 'Bmxp3420102 firmware'

2018-04-18

CVE-2018-7762

CWE-119

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.

CVE-2018-7761

CWE-20

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.

CVE-2018-7760

CWE-287

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.

CVE-2018-7759

CWE-119

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.

CVE-2018-7242

CWE-326

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.

CVE-2018-7241

CWE-798

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.

2017-06-29

CVE-2017-6017

CWE-400

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

>>> Vendor: Schneider-electric 299 Products

Software update

Citectfacilities

Clearscada 2005

Clearscada 2007

Clearscada 2009

Opc factory server

Telemecanique driver pack

Citecthistorian

Citectscada reports

Vijeo historian

M340 ethernet module bmxnoe0100

M340 ethernet module bmxnoe0110

M340 ethernet module bmxp342020

M340 ethernet module bmxp342030

Premium ethernet module tsxety4103

Premium ethernet module tsxety5103

Premium ethernet module tsxp57163m

Premium ethernet module tsxp572634m

Premium ethernet module tsxp573634m

Premium ethernet module tsxp574634m

Premium ethernet module tsxp575634m

Premium ethernet module tsxp576634m

Quantum ethernet module 140cpu65150

Quantum ethernet module 140cpu65160

Quantum ethernet module 140cpu65260

Quantum ethernet module 140noe77100

Quantum ethernet module 140noe77101

Quantum ethernet module 140noe77111

Stb dio ethernet module stbnic2212

Stb dio ethernet module stbnip2212

Stb dio ethernet module stbnip2311

Modicon quantum plc

Wonderware historian

Wonderware intouch

Software update utility

Interactive graphical scada system

Accutech manager

Modicon premium

Magelis xbt hmi

Micom s1 studio

Tburjr900 firmware

Scada expert clearscada

Telvent sage 3030

Telvent sage 3030 firmware

Struxureware scada expert vijeo citect

Struxureware powerscada expert

Powerlogic scada

Floating license manager

Ofs test client tlxcdlfofs33

Ofs test client tlxcdltofs33

Ofs test client tlxcdluofs33

Ofs test client tlxcdstofs33

Ofs test client tlxcdsuofs33

Modbus serial driver

Modbuscommdtm sl

Opc factory server tlxcdlfofs

Opc factory server tlxcdltofs

Opc factory server tlxcdluofs

Opc factory server tlxcdstofs

Opc factory server tlxcdsuofs

Modicon plc ethernet module

Wonderware intouch access anywhere server

Etg3000 factorycast hmi gateway firmware

Device type manager

Indusoft web studio

Wonderware intouch 2014

Wonderware system platform 2014

Imt25 magnetic flow dtm

See all Products for Vendor Schneider-electric

Copyright 2024, cxsecurity.com