CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

schneider-electric

140noe77101_firmware

3 known vulnerabilities · sorted by CVSS score

CVE-2020-7540

CRITICAL9.8

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.

schneider-electric / modicon_m340_bmxp341000_firmware+22

Network

Published Dec 11, 2020

CVE-2020-7477

HIGH7.5

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus.

schneider-electric / 140noe77101_firmware+28

Network

Published Mar 23, 2020

CVE-2020-7535

HIGH7.5

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.

schneider-electric / modicon_m340_bmxp341000_firmware+20

Network

Published Dec 11, 2020