Modicon m340 bmxp342020 firmware

This hub aggregates every CVE we track for Modicon m340 bmxp342020 firmware, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Modicon m340 bmxp342020 firmware.

• CVE-2023-6408 CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity o...8.1Feb 14, 2024
• CVE-2021-22786A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. A...7.5Feb 1, 2023
• CVE-2022-45789A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session....8.1Jan 31, 2023
• CVE-2022-45788A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a mali...7.5Jan 30, 2023
• CVE-2022-0222A CWE-269: Improper Privilege Management vulnerability exists that could cause a denial of service of the Ethernet communication of the controller when sending a specific request over SNMP. Affecte...7.5Nov 22, 2022
• CVE-2022-37300A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus....9.8Sep 12, 2022
• CVE-2021-22788A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Mod...7.5Feb 11, 2022
• CVE-2021-22787A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Af...7.5Feb 11, 2022
• CVE-2021-22785A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web serve...7.5Feb 11, 2022
• CVE-2020-7534A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the use...8.8Feb 4, 2022
• CVE-2021-22779Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, Ec...9.1Jul 14, 2021
• CVE-2020-7549A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communicatio...5.3Dec 11, 2020
• CVE-2020-7543A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications ...7.5Dec 11, 2020
• CVE-2020-7542A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications ...7.5Dec 11, 2020
• CVE-2020-7541A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see sec...5.3Dec 11, 2020