RSS   Vulnerabilities for 'Bmxp3420302 firmware'   RSS

2019-03-21
 
CVE-2015-6462

CWE-79
 

 
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.

 
 
CVE-2015-6461

CWE-20
 

 
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.

 
2018-04-18
 
CVE-2018-7762

CWE-119
 

 
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.

 
 
CVE-2018-7761

CWE-20
 

 
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.

 
 
CVE-2018-7760

CWE-287
 

 
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.

 
 
CVE-2018-7759

CWE-119
 

 
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied.

 
 
CVE-2018-7242

CWE-326
 

 
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks.

 
 
CVE-2018-7241

CWE-798
 

 
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.

 
2017-06-29
 
CVE-2017-6017

CWE-400
 

 
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.

 

 >>> Vendor: Schneider-electric 299 Products
Power manager
Software update
Citectfacilities
Citectscada
Clearscada 2005
Clearscada 2007
Clearscada 2009
Monitor pro
Opc factory server
Pl7 pro
Telemecanique driver pack
Unity pro
Vijeo citect
Citecthistorian
Citectscada reports
Vijeo historian
M340 ethernet module bmxnoe0100
M340 ethernet module bmxnoe0110
M340 ethernet module bmxp342020
M340 ethernet module bmxp342030
Premium ethernet module tsxety4103
Premium ethernet module tsxety5103
Premium ethernet module tsxp57163m
Premium ethernet module tsxp572634m
Premium ethernet module tsxp573634m
Premium ethernet module tsxp574634m
Premium ethernet module tsxp575634m
Premium ethernet module tsxp576634m
Quantum ethernet module 140cpu65150
Quantum ethernet module 140cpu65160
Quantum ethernet module 140cpu65260
Quantum ethernet module 140noe77100
Quantum ethernet module 140noe77101
Quantum ethernet module 140noe77111
Stb dio ethernet module stbnic2212
Stb dio ethernet module stbnip2212
Stb dio ethernet module stbnip2311
Modicon quantum plc
Wonderware historian
Wonderware intouch
Software update utility
Interactive graphical scada system
Accutech manager
Modicon m340
Modicon premium
Magelis xbt hmi
Micom s1 studio
Kerweb
Kerwin
Tburjr900
Tburjr900 firmware
Clearscada
Scada expert clearscada
Telvent sage 3030
Telvent sage 3030 firmware
Struxureware scada expert vijeo citect
Struxureware powerscada expert
Powerlogic scada
Floating license manager
Ofs test client tlxcdlfofs33
Ofs test client tlxcdltofs33
Ofs test client tlxcdluofs33
Ofs test client tlxcdstofs33
Ofs test client tlxcdsuofs33
Concept
Modbus serial driver
Modbuscommdtm sl
PL7
Powersuite
Sft2841
Somachine
Somove
Twidosuite
Unityloader
Opc factory server tlxcdlfofs
Opc factory server tlxcdltofs
Opc factory server tlxcdluofs
Opc factory server tlxcdstofs
Opc factory server tlxcdsuofs
Vampset
Modicon plc ethernet module
Proclima
Wonderware intouch access anywhere server
Tsxetg3000
Tsxetg3010
Tsxetg3021
Tsxetg3022
Etg3000 factorycast hmi gateway firmware
Somove lite
Device type manager
Indusoft web studio
Wonderware intouch 2014
Wonderware system platform 2014
Imt25 magnetic flow dtm
Bmxnoc0401
Bmxnoe0100
Bmxnoe0100h
Bmxnoe0110
Bmxnoe0110h
Bmxnor0200
See all Products for Vendor Schneider-electric


Copyright 2024, cxsecurity.com

 

Back to Top