Schneider-Electric: >> Modicon M218 Firmware >> 5.1.0.6 Security Vulnerabilities
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior)
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-11
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-22
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-04-22