Filtered by vendor Schneider-electric Subscriptions
Filtered by product Modicon M218 Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-22800 1 Schneider-electric 2 Modicon M218, Modicon M218 Firmware 2022-02-18 7.5 High
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)
CVE-2020-7488 1 Schneider-electric 11 Ecostruxure Machine Expert, Modicon M218, Modicon M218 Firmware and 8 more 2022-02-03 7.5 High
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.
CVE-2020-7487 1 Schneider-electric 11 Ecostruxure Machine Expert, Modicon M218, Modicon M218 Firmware and 8 more 2022-02-03 9.8 Critical
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.
CVE-2020-7524 1 Schneider-electric 2 Modicon M218, Modicon M218 Firmware 2022-01-31 7.5 High
Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal.
CVE-2020-7502 1 Schneider-electric 2 Modicon M218, Modicon M218 Firmware 2022-01-31 7.5 High
A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller.