A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
schneider-electric modicon_m340_bmxp341000_firmware |
||
schneider-electric modicon_m340_bmxp342000_firmware |
||
schneider-electric modicon_m340_bmxp3420102_firmware |
||
schneider-electric modicon_m340_bmxp3420102cl_firmware |
||
schneider-electric modicon_m340_bmxp342020_firmware |
||
schneider-electric modicon_m340_bmxp3420302_firmware |
||
schneider-electric modicon_m340_bmxp3420302cl_firmware |
||
schneider-electric bmxnoe0100_firmware |
||
schneider-electric bmxnoe0110_firmware |
||
schneider-electric 140noe77101_firmware |
||
schneider-electric 140noe77111_firmware |
||
schneider-electric 140cpu65150_firmware |
||
schneider-electric 140cpu65160_firmware |
||
schneider-electric 140noc78000_firmware |
||
schneider-electric 140noc78100_firmware |
||
schneider-electric 140noc77101_firmware |
||
schneider-electric tsxp574634_firmware |
||
schneider-electric tsxp575634_firmware |
||
schneider-electric tsxp576634_firmware |
||
schneider-electric tsxety4103_firmware |
||
schneider-electric tsxety5103_firmware |
||
schneider-electric bmxnoc0401_firmware |
||
schneider-electric bmxnor200h_firmware |