Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
schneider-electric modicon m221 firmware vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2017-6030
A Predictable Value Range from Previous Values issue exists in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The a...
Schneider-electric Modicon M241 Firmware
Schneider-electric Modicon M251 Firmware
Schneider-electric Modicon M221 Firmware
9.8
CVSSv3
CVE-2020-7489
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). The result of this ...
Schneider-electric Somachine Basic
Schneider-electric Ecostruxure Machine Expert
Schneider-electric Modicon M100 Firmware
Schneider-electric Modicon M200 Firmware
Schneider-electric Modicon M221 Firmware
7.5
CVSSv3
CVE-2018-7821
An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated.
Schneider-electric Somachine Basic
Schneider-electric Modicon M221 Firmware
5.5
CVSSv3
CVE-2018-7822
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthorized access to SoMachine Basic resource files when logged on the system hosting S...
Schneider-electric Somachine Basic
Schneider-electric Modicon M221 Firmware
5.3
CVSSv3
CVE-2018-7823
A Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause remote launch of SoMachine Basic when sending crafted ethernet message.
Schneider-electric Somachine Basic
Schneider-electric Modicon M221 Firmware
7.3
CVSSv3
CVE-2020-7566
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the malicious user to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 co...
Schneider-electric Modicon M221 Firmware -
5.7
CVSSv3
CVE-2020-7567
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the malicious user to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M2...
Schneider-electric Modicon M221 Firmware -
4.3
CVSSv3
CVE-2020-7568
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software ...
Schneider-electric Modicon M221 Firmware -
9.8
CVSSv3
CVE-2018-7791
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with their password. If a...
Schneider-electric Modicon M221 Firmware
5.5
CVSSv3
CVE-2020-28214
A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an malicious user to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the prote...
Schneider-electric Modicon M221 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »