漏洞标题
N/A
漏洞描述信息
CWE-125:越界读取漏洞,在通过特别编写的项目文件更新控制器应用程序时,可能导致Modicon PLC控制器/模拟器拒绝服务。此漏洞存在于Modicon M580 CPU(BMEP*和BMEH*,所有版本)、Modicon M340 CPU(BMXP34*,所有版本)、Modicon MC80(BMKC80*,所有版本)、Modicon Momentum Ethernet CPU(171CBU*,所有版本)、Modicon EcoStruxurea Control Expert PLC模拟器,包括所有Unity Pro版本(EcoStruxurea Control Expert的过去名称,所有版本)、Modicon EcoStruxurea Process Expert PLC模拟器,包括所有HDCS版本(EcoStruxurea Process Expert的过去名称,所有版本)、Modicon Quantum CPU(140CPU*,所有版本)、Modicon Premium CPU(TSXP5*,所有版本)。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC controller / simulator when updating the controller application with a specially crafted project file exists in Modicon M580 CPU (part numbers BMEP* and BMEH*, all versions), Modicon M340 CPU (part numbers BMXP34*, all versions), Modicon MC80 (part numbers BMKC80*, all versions), Modicon Momentum Ethernet CPU (part numbers 171CBU*, all versions), PLC Simulator for EcoStruxureª Control Expert, including all Unity Pro versions (former name of EcoStruxureª Control Expert, all versions), PLC Simulator for EcoStruxureª Process Expert including all HDCS versions (former name of EcoStruxureª Process Expert, all versions), Modicon Quantum CPU (part numbers 140CPU*, all versions), Modicon Premium CPU (part numbers TSXP5*, all versions).
CVSS信息
N/A
漏洞类别
跨界内存读
漏洞标题
Schneider Electric Modicon M580 CPU 缓冲区错误漏洞
漏洞描述信息
Schneider Electric Modicon M580 CPU是法国施耐德电气(Schneider Electric)公司的一款M580以太网可编程自动化控制器的处理器模块。 Schneider Electric Modicon M580 CPU 存在安全漏洞,该漏洞源于Modicon M580 CPU(部件号 BMEP* 和 BMEH*)中存在一个越界读取。攻击者可利用该漏洞导致 Modicon PLC 控制器/模拟器拒绝服务。
CVSS信息
N/A
漏洞类别
缓冲区错误