S

Schneider-Electric Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Schneider-Electric products.

55 known CVE vulnerabilities tracked

Critical
12
High
29
Medium
14
Low
0
None
0

Vulnerabilities By Year

1
2014
4
2017
6
2018
6
2019
18
2020
15
2021
5
2022

Products Affected

Modicon M221 Firmware 9 Modicon M580 Firmware 5 Powerlogic Egx100 Firmware 4 Modicon M340 Bmxp341000 4 Modicon M340 Bmxp342020 Firmware 4 Powerlogic Pm5560 Firmware 3 Modicon Tsxety4103 Firmware 3 Powerlogic Ion7400 Firmware 3 Ecostruxure Machine Expert 2 Modicon Tm221Ce16R Firmware 2 Somachine Basic 2 Floating License Manager 1 Modbus Firmware 1 Modicon M100 Firmware 1 Bmx P34X Firmware 1 140Noe77101 Firmware 1 Ecostruxure Building Operation 1 Enterprise Server Installer 1 Modicon M258 Firmware 1 Modicon M241 Firmware 1 Modicon M340 Firmware 1 Modicon M340 Bmxp341000 Firmware 1 Powerlogic Ion8650 Firmware 1 Ecostruxure Control Expert 1 Smt Series 1015 Ups Firmware 1

All Schneider-Electric CVEs

Recent Highest Score Oldest
CVE-2020-7567
5.7 medium

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke th

Modicon M221 Firmware Nov 19, 2020
CVE-2020-7566
7.3 high

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

Modicon M221 Firmware Nov 19, 2020
CVE-2020-7565
7.3 high

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

Modicon M221 Firmware Nov 19, 2020
CVE-2020-28209
7.0 high

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent s

Enterprise Server Installer Nov 19, 2020
CVE-2020-28210
6.1 medium

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.

Ecostruxure Building Operation Nov 19, 2020
CVE-2020-7564
8.8 high

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution

Modicon Tsxety4103 Firmware Nov 18, 2020
CVE-2020-7563
8.8 high

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted

Modicon Tsxety4103 Firmware Nov 18, 2020
CVE-2020-7562
8.1 high

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file o

Modicon Tsxety4103 Firmware Nov 18, 2020
CVE-2020-7489
9.8 critical

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this vulnerability, DLL substitution, cou

Ecostruxure Machine Expert Apr 22, 2020
CVE-2020-7488
7.5 high

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.

Ecostruxure Machine Expert Apr 22, 2020
CVE-2020-7477
7.5 high

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet – 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), wh

140Noe77101 Firmware Mar 23, 2020
CVE-2019-6857
7.5 high

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Mod

Modicon M580 Firmware Jan 6, 2020
CVE-2019-6856
7.5 high

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP.

Modicon M580 Firmware Jan 6, 2020
CVE-2018-7794
7.5 high

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when reading data with invalid index using Modbus TCP.

Modicon M580 Firmware Jan 6, 2020
CVE-2019-6852
7.5 high

A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har

Bmx P34X Firmware Nov 20, 2019
CVE-2019-6829
7.5 high

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus.

Modicon M580 Firmware Sep 17, 2019
CVE-2019-6819
7.5 high

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80

Modicon M340 Firmware May 22, 2019
CVE-2019-6820
8.2 high

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC

Modicon M100 Firmware May 22, 2019
CVE-2018-7852
7.5 high

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus.

Modicon M580 Firmware May 22, 2019
CVE-2018-7821
7.5 high

An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.

Somachine Basic May 22, 2019
CVE-2018-7798
8.2 high

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.

Somachine Basic Nov 2, 2018
CVE-2018-7792
7.5 high

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table.

Modicon M221 Firmware Aug 29, 2018
CVE-2018-7791
9.8 critical

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If an attacker exploits this

Modicon M221 Firmware Aug 29, 2018
CVE-2018-7790
9.8 critical

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Mo

Modicon M221 Firmware Aug 29, 2018