A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric Ecostruxure Control Expert
APPSchneider-Electric< 15.1Schneider Electric Ecostruxure Process Expert
APPSchneider-Electric≤ 2021Schneider Electric Modicon M340 Bmxp341000
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp341000 Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp342000
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342000 Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp342010
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420102
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420102 Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp342010 Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp342020
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342020 Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp342020h
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342020h Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp342030
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420302
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420302 Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp3420302h
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420302h Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp342030 Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M340 Bmxp342030h
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342030h Firmware
OSSchneider-Electric< 3.50Schneider Electric Modicon M580 Bmeh582040
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040c
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040c Firmware
OSSchneider-Electric< 4.02Schneider Electric Modicon M580 Bmeh582040 Firmware
OSSchneider-Electric< 4.02Schneider Electric Modicon M580 Bmeh582040s
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh582040s Firmware
OSSchneider-Electric< 4.02Schneider Electric Modicon M580 Bmeh584040
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M580 Bmeh584040c
HWSchneider-Electricwszystkie wersje
Related vulnerabilities
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted inp...
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340...
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webse...
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on ...