Vulnerabilities
Vulnerable Software
Schneider-Electric:  Security Vulnerabilities
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-04-18
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.021
Published
2018-04-18
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow.
CVSS Score
7.5
EPSS Score
0.013
Published
2018-04-18
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that can reveal sensitive information to an attacker.
CVSS Score
5.3
EPSS Score
0.012
Published
2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and get the administrator privileges.
CVSS Score
9.8
EPSS Score
0.022
Published
2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials.
CVSS Score
9.8
EPSS Score
0.022
Published
2018-03-09
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67.
CVSS Score
8.8
EPSS Score
0.016
Published
2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'.
CVSS Score
9.8
EPSS Score
0.021
Published
2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'.
CVSS Score
9.8
EPSS Score
0.021
Published
2018-03-09
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'.
CVSS Score
9.8
EPSS Score
0.021
Published
2018-03-09


Contact Us

Shodan ® - All rights reserved