Stay Informed
Register to our security notification mailing list and we will notify you via email on newly released or updated Security Notifications.
Register now
| Date | Product | CVE | Description | Products and versions affected | More information |
|---|---|---|---|---|---|
| Date | Product | CVE | Description | Products and versions affected | More information |
| 2019/05/16 | Intel Microarchitectural Data Sampling (Zombieload) | CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 | Side Channel Attacks | See Security Bulletin | SESB-2019-136-01 |
| 2019/05/16 | Remote Desktop Services (RDS) | CVE-2019-0708 | Remote Code Execution | See Security Bulletin | SESB-2019-136-02 |
| 2019/05/14 | Modicon Controllers | CVE-2018-7851 | CWE-119: Buffer errors | Modicon M580 with firmware prior to V2.50 Modicon M340 with firmware prior to V3.01 BMxCRA312xx with firmware prior to V2.40 All firmware versions of Modicon Premium and 140CRA312xxx | SEVD-2019-134-10 |
| 2019/05/14 | Modicon Quantum | CVE-2019-6815, CVE-2019-6816 | Multiple Vulnerabilities | Modicon Quantum - all firmware versions | SEVD-2019-134-09 |
| 2019/05/14 | Modicon Quantum | CVE-2018-7788 | CWE-255: Credentials Management | Modicon Quantum with firmware versions prior to V2.40. | SEVD-2019-134-08 |
| 2019/05/14 | Modicon RTU Module | CVE-2019-6812 | CWE-798: Use of hardcoded credentials | BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 | SEVD-2019-134-06 |
| 2019/05/14 | Modicon Controllers | CVE-2019-6819 | CWE-754: Improper Check for Unusual or Exceptional Conditions | Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium | SEVD-2019-134-05 |
| 2019/05/14 | Modicon Controllers | CVE-2019-6821 | CWE-330: Use of Insufficiently Random Values | Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum | SEVD-2019-134-03 |
| 2019/05/14 | Modicon and PacDrive Controller | CVE-2019-6820 | CWE-306: Missing Authentication for Critical Function | All versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2 | SEVD-2019-134-02 |
| 2019/05/14 | Pelco Endura NET55XX Encoder | CVE-2019-6814 | CWE-284: Improper Access Control | NET55XX Encoder with firmware prior to version 2.1.9.7 | SEVD-2019-134-01 |
| 2019/04/09 | Schneider Electric Modbus Serial Driver | CVE-2018-7824 | Externally Controlled Reference to a Resource (CWE-610) | For 64-bit Windows OS: V3.17 IE 37 and prior. For 32-bit Windows OS: V2.17 IE 27 and prior. As part of the Driver Suite version: V14.12 and prior | SEVD-2019-099-01 |
| 2019/03/12 | Pelco VideoXpert OpsCenter | CVE-2018-7840 | Uncontrolled Search Path Element (CWE-427) | VideoXpert OpsCenter versions prior to 3.1 | SEVD-2019-071-01 |
| 2019/02/14 | SoMachine Basic and Modicon M221 | CVE-2018-7821, CVE-2018-7822, CVE-2018-7823 | Multiple Vulnerabilities | SoMachine Basic, all versions Modicon M221, all references, all versions prior to firmware V1.10.0.0 | SEVD-2019-045-01 |
| 2019/02/14 | Vijeo Designer Lite | - | Buffer Error (CWE-119) | Vijeo Designer Lite V1.3SP1 | SEVD-2019-045-02 |
| 2019/02/14 | Pelco Sarix Enhanced and Spectra Enhanced | CVE-2018-7816, CVE-2018-7825, CVE-2018-7826, CVE-2018-7827, CVE-2018-7828,CVE-2018-7829 | Multiple Vulnerabilities | Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ | SEVD-2019-045-03 |
| 2019/01/14 | IIoT Monitor | CVE-2018-7835, CVE-2018-7836, CVE-2018-7837, CVE-2018-7839 | Multiple Vulnerabilities (Notification Updated) | IIoT Monitor 3.1.38 | SEVD-2018-354-03 |
| 2018/12/27 | Zelio Soft | CVE-2018-7817 | Use after free vulnerability | Zelio Soft 2 v5.1 and prior versions | SEVD-2018-361-01 |
| 2018/12/20 | EVLink Parking | CVE-2018-7800, CVE-2018-7801, CVE-2018-7802 | Multiple Vulnerabilities | EVLink Parking v3.2.0-12_v1 and earlier. | SEVD-2018-354-01 |
| 2018/12/20 | Pro-Face GP-Pro EX | CVE-2018-7832 | Improper Input Validation | Pro-Face GP-Pro EX v4.08 and previous versions | SEVD-2018-354-02 |
| 2018/12/18 | PowerSuite 2 | CVE-2018-7796 | Buffer Error Vulnerability | All released versions of PowerSuite2 | SEVD-2018-351-01 |
| 2018/12/18 | Modicon Controllers | CVE-2017-6017 | Improper Check for Unusual or Exceptional Conditions Vulnerability (Notification Updated) | M340 CPUs with firmware prior to V2.9, M580 CPUs with firmware prior to V2.3, Quantum CPUs with firmware prior to V3.52, Premium CPUs all versions, M1E CPUs all versions | SEVD-2017-048-02 |
| 2018/12/14 | Triconex | Malware Discovered Affecting Triconex Safety Controllers | Malware Discovered Affecting Triconex Safety Controllers | Tricon Model MP3008, versions 10.0 – 10.4 | SEVD-2017-347-01 |
| 2018/12/13 | Power Monitoring Expert, Energy Expert (formerly Power Manager) | CVE-2018-7797 | URL redirection vulnerability | EcoStruxure™ Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure™ Energy Expert 1.3 (formerly Power Manager), EcoStruxure™ Power SCADA Operation (PSO) 8.2 Advanced Reports and Dashboards Module, EcoStruxure™ Power Monitoring Expert (PME) v9.0, EcoStruxure™ Energy Expert v2.0, EcoStruxure™ Power SCADA Operation (PSO) 9.0 Advanced Reports and Dashboards Module | SEVD-2018-347-01 |
| 2018/12/04 | Eurotherm by Schneider Electric GUIcon V2.0 | CVE-2018-7813, CVE-2018-7814, CVE-2018-7815 | Multiple Vulnerabilities | GUIcon Version 2.0 (Gold Build 683.0) | SEVD-2018-338-01 |
| 2018/02/06 | Spectre and Meltdown | CVE-2017-5754, CVE-2017-5753, CVE-2017-5715 | side channel attacks | See Security Notification | Security Notification- Spectre and Meltdown |
| 2018/02/06 | IGSS SCADA Software | CVE-2017-9967 | Security Misconfiguration | V12 and all previous versions | Security Notification – IGSS SCADA Software |
| 2018/02/08 | StruxureOn Gateway | CVE-2017-9970 | Remote Code Execution | V1.1.3 and prior versions | Security Notification – StruxureOn Gateway |
| 2018/02/08 | IGSS Mobile | CVE-2017-9968, CVE-2017-9969 | Lack of certificate pinning, cleartext storage of password and other sensitive data | Android and iOS, version 3.01 and prior versions | Security Notification – IGSS Mobile |
| 2018/02/15 | EcoStruxure Power Monitoring Expert, Energy Expert (formerly Power Manager), EcoStruxure Power SCADA Operations (formerly PowerSCADA Expert) | CVE-2016-10395 | CVE-2016-10395 | EcoStruxure Power Monitoring Expert 8.2 (Standard, DC, HC Editions) StruxureWare Power Monitoring Expert 8.1 (Standard, DC, HC Editions) StruxureWare Power Monitoring Expert 8.0 (Standard, DC, HC, Buildings Editions) StruxureWare Power Monitoring Expert 7.2.x Energy Expert 1.x (formerly Power Manager) EcoStruxure Power SCADA Operations 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module | Security Notification – EcoStruxure Power Monitoring Expert, Energy Expert (formerly Power Manager), EcoStruxure Power SCADA Operations (formerly PowerSCADA |
| 2018/02/15 | SCADA Expert Vijeo Citect / CitectSCADA, Vijeo Historian / Citect Historian™ ,CitectHistorian, and Citect™ Anywhere | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | Version 7.30, 7.40 of SCADA Expert Vijeo Citect / CitectSCADA™ Version 2015, 2016 of CitectSCADA Version 4.40, 4.50 of Vijeo Historian / Citect Historian™ Version 2016 of CitectHistorian Citect™ Anywhere | Vulnerability within Schneider Electric Floating License Manager |
| 2018/02/20 | Saitel DP | CVE-2016-5195 | CVE-2016-5195 | all versions prior to 11.06.04 | Security Notification – Saitel DP |
| 2018/02/27 | Pelco Sarix Professional | CVE-2018-7227, CVE-2018-7228, CVE-2018-7229, CVE-2018-7230, CVE-2018-7231, CVE-2018-7232, CVE-2018-7233, CVE-2018-7234, CVE-2018-7235, CVE-2018-7236, CVE-2018-7237, CVE-2018-7238 | Information disclosure Authentication Bypass XML external entity Command execution Arbitrary file download Arbitrary file delete Buffer overflow | all versions prior to 3.29.67 | Security Notification – Pelco Sarix Professional |
| 2018/03/01 | SoMove | CVE-2018-7239 | DLL Hijacking | V2.6.2 and prior | Security Notification – SoMove |
| 2018/03/15 | MGE Network Management Card Transverse installed in MGE UPS and MGE STS | CVE-2018-7243, CVE-2018-7244, CVE-2018-7245, CVE-2018-7246 | Authorization Bypass, Information Exposure, Improper Authorization, Cleartext Transmission of Sensitive Information | MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000, MGE Galaxy 6000, MGE Galaxy 9000, MGE EPS 7000, MGE EPS 8000, MGE EPS 6000, MGE Comet UPS, MGE Comet 3000, MGE Galaxy PW, MGE Galaxy 3000, MGE Galaxy 4000, MGE STS (Upsilon and Epsilon) | Security Notification – MGE Network Management Card Transverse installed in MGE UPS and MGE STS |
| 2018/03/15 | MiCOM P540D Range with Legacy Ethernet Board | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol -enabled) are affected : MiCOM P445 versions: 35, 36, 37, E0, F0*, F1, F2 MiCOM P443, P446 versions: 54, 55, 57, B0, D0*, D1, D2 MiCOM P543 to P546 versions: 44, 54, 45, 55, 47, 57, A0, B0, C0*, DO*, D1, D2 MiCOM P841A versions: 44, 45, 47, A0, C0(*), C1, C2 MiCOM P841B versions: 54, 55, 57, B0, D0*), D1, D2 *Excluding minor revision F | Security Notification – MiCOM P540D Range with Legacy Ethernet Board |
| 2018/03/15 | MiCOM Px4x with Legacy Ethernet Board | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol) and last digit = “J” or “K” (Hardware version) are affected MiCOM P14x version 46, MiCOM P44x version D6 excluding D6(E), MiCOM P64x all versions, MiCOM P849 all versions | Security Notification – MiCOM Px4x with Legacy Ethernet Board |
| 2018/03/15 | MiCOM Px4x Rejuvenated | CVE-2018-7758 | Denial of Service | Within this list of product versions only products with CORTEC digit 9 = “8” (DNP3oE protocol) and last digit = “L” or “M” (Hardware version) are affected MiCOM P540D range:MiCOM P443 version H4, MiCOM P445 version H4, MiCOM P446 version H4, MiCOM All P54x version H4, MiCOM P841A version H4, MiCOM P841B version H4 MiCOM Px4x: MiCOM P14x all versions except B2(B), MiCOM P44x all versions, MiCOM P64x all versions, MiCOM P746 all versions, MiCOM P849 all versions | Security Notification – MiCOM Px4x Rejuvenated |
| 2018/03/22 | Modicon | CVE-2018-7240, CVE-2018-7241, CVE-2018-7242 | Arbitrary code execution, hardcoded accounts, vulnerable hash algorithms | All Modicon Premium, Quantum, M340 and BMXNOR0200 controllers | Security Notification - Embedded FTP Servers for Modicon |
| 2018/03/22 | Modicon | CVE-2018-7759, CVE-2018-7760, CVE-2018-7761, CVE-2018-7762 | Denial of service, authorization bypass, arbitrary code execution, buffer overflow | All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 | Security Notification - Embedded Web Servers for Modicon |
| 2018/04/05 | U.motion Builder | CVE-2018-7763, CVE-2018-7764, CVE-2018-7765, CVE-2018-7766, CVE-2018-7767, CVE-2018-7768, CVE-2018-7769, CVE-2018-7770, CVE-2018-7771, CVE-2018-7772, CVE-2018-7773, CVE-2018-7774, CVE-2018-7776, CVE-2018-7777, CVE-2018-7494 | Multiple vulnerabilities | All versions prior to v1.3.4 | Security Notification – U.motion Builder |
| 2018/04/19 | EVlink Charging Station | CVE-2018-7778 | CVE-2018-7778 | All versions prior to v3.2.0-12_v1 | SEVD-2018-109-01 |
| 2018/04/19 | Wiser for KNX (formerly homeLYnk / spaceLYnk) | CVE-2018-7779 | CVE-2018-7779 | • Wiser for KNX, V2.1.0 and prior • homeLYnk V2.0.1 and prior • spaceLYnk V2.1.0 and prior | SEVD-2018-109-02 |
| 2018/04/24 | Pelco Sarix Professional | CVE-2018-7780, CVE-2018-7781, CVE-2018-7782 | Multiple Vulnerabilities CVE-2018-7780, CVE-2018-7781, CVE-2018-7782 | 1st Generation with firmware versions prior to 3.29.69 | SEVD-2018-114-01 |
| 2018/05/17 | PlantStruxure PES | CVE-2016-10395 CVE-2017-5571 CVE-2016-2177 | Multiple Vulnerabilities • CVE-2016-10395 • CVE-2017-5571 • CVE-2016-2177 | V4.3 SP1 and prior versions | SEVD-2018-137-01 |
| 2018/05/22 | SoMachine Basic | CVE-2018-7783 | CVE-2018-7783 Out-Of-Band Remote Arbitrary Data Retrieval | All versions prior to v1.6 SP1 | SEVD-2018-142-01 |
| 2018/05/24 | EcoStruxure Modicon Builder | CVE-2016-10395, CVE-2017-5571, CVE-2016-2177 | Multiple Vulnerabilities CVE-2016-10395 CVE-2017-5571 CVE-2016-2177 | V3.0 and prior versions | SEVD-2018-144-01 |
| 2018/05/31 | U.Motion Builder | CVE-2018-7784 CVE-2018-7785 CVE-2018-7786 CVE-2018-7787 | Multiple Vulnerabilities CVE-2018-7784 CVE-2018-7785 CVE-2018-7786 CVE-2018-7787 | All versions prior to 1.3.4 | SEVD-2018-151-01 |
| 2018/08/16 | PowerLogic PM5560 | CVE-2018-7795 | Cross Protocol Injection CVE-2018-7795 | PM5560 prior to FW version 2.5.4 | SEVD-2018-228-01 |
| 2018/08/21 | Modicon M221 | CVE-2018-7789 | Improper Check for Unusual or Exceptional Conditions CVE-2018-7789 | Modicon M221, all references, all versions prior to firmware V1.6.2.0. | SEVD-2018-233-01 |
| 2018/08/23 | Modicon M221 | CVE-2018-7790, CVE-2018-7792, CVE-2018-7791 | Multiple Vulnerabilities CVE-2018-7790, CVE-2018-7792, CVE-2018-7791 | Modicon M221, all references, all versions prior to firmware V1.6.2.0. | SEVD-2018-235-01 |
| 2018/08/24 | Conext Combox and Conext Battery Monitor | - | USB removable media shipped with the products may have been exposed to malware | - USB media shipped with Conext Combox (sku 865-1058), all versions - USB media shipped with Conext Battery Monitor (sku 865-1080-01), all versions | SESN-2018-236-01 |
| 2018/09/27 | Modicon M221 | CVE-2018-7798 | Insufficient Verification of Data Authenticity (CWE-345) CVE-2018-7798 | Modicon M221 All Versions | SEVD-2018-270-01 |
| 2018/10/25 | Schneider Electric Software Update | - | DLL hijacking | all versions prior to V2.2.0 | SEVD-2018-298-01 |
| 2019/06/11 | PowerSCADA Expert | CVE-2019-10981 | CWE-255: Credentials Management | "PowerSCADA Expert 7.30 PowerSCADA Expert 7.40 PowerSCADA Expert 8.0 without Service Release 1" | SEVD-2019-162-02 |
| 2019/06/11 | U.motion Builder software V1.1 | CVE-2018-7841 | CWE-89: SQL Injection (Notification Updated) | U.motion Builder version 1.3.4 | SEVD-2019-071-02 V1.1 |
| 2019/07/09 | Zelio Soft 2 | CVE-2019-6822 | CWE-416: Use After Free | V5.2 and earlier versions | SEVD-2019-190-01 |
| 2019/07/09 | Interactive Graphical SCADA System (IGSS) | CVE-2019-6827 | CWE-787: Out-of-bounds Write | Versions 14 and prior | SEVD-2019-190-02 |
| 2019/07/09 | Modicon M580 Controller | CVE-2018-7838 | CWE-119 Buffer Errors | Modicon M580 CPU - BMEP582040 all versions before V2.90 and Modicon Ethernet Module BMENOC0301 all versions before V2.16 | SEVD-2019-190-03 |
| 2019/07/09 | Modicon Controllers | CVE-2019-6819 | CWE-754: Improper Check for Unusual or Exceptional Conditions | Modicon M340 - firmware versions prior to V3.01 Modicon M580 - firmware versions prior to V2.80 All firmware versions of Modicon Quantum and Modicon Premium | SEVD-2019-134-05 (V1.1) |
| 2019/08/13 | Magelis HMI Panels | CVE-2019-6833 | CWE-754 – Improper Check for Unusual or Exceptional Conditions | Magelis HMI Panels | SEVD-2019-225-01 |
| 2019/08/13 | Modicon M340 Controller | CVE-2019-6813 | CWE-754: Improper Check for Unusual or Exceptional Conditions | All firmware versions | SEVD-2019-225-02 |
| 2019/08/13 | Modicon Ethernet / Serial RTU Module | CVE-2019-6831, CVE-2019-6810, CVE-2019-6813 | Multiple Vulnerabilities | All firmware versions | SEVD-2019-225-03 |
| 2019/08/13 | TelevisGo | CVE-2019-8258, CVE-2018-15361, CVE-2019-8259, CVE-2019-8260, CVE-2019-8261, CVE-2019-8262, CVE-2019-8280, CVE-2019-8263, CVE-2019-8264, CVE-2019-8265, CVE-2019-8266, CVE-2019-8267, CVE-2019-8268, CVE-2019-8269, CVE-2019-8270, CVE-2019-8271, CVE-2019-8272, CVE-2019-8273, CVE-2019-8274, CVE-2019-8275, CVE-2019-8276, CVE-2019-8277 | Multiple Vulnerabilities | Versions manufactured prior to 15th July 2019. | SEVD-2019-225-05 |
| 2019/08/13 | Schneider Electric Software Update (SESU) – SUT Service Component | CVE-2019-6834 | CWE-502: Deserialization of Untrusted Data | Versions 2.1.1 to 2.3.0. | SEVD-2019-225-06 |
| 2019/08/13 | spaceLYnk & homeLYnk | CVE-2019-6832 | CWE-287: Authentication Issues | spaceLYnk all versions before 2.4.0 and Wiser for KNX (formerly known as homeLYnk) all versions before 2.4.0 | SEVD-2019-225-07 |
| 2019/08/13 | Modicon Controllers | CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7853, CVE-2018-7854, CVE-2018-7855, CVE-2018-7856, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2018-7844, CVE-2019-6830, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809 | Multiple Vulnerabilities (Notification Updated) | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium | SEVD-2019-134-11(V2.0) |
| 2019/08/13 | Modicon Controllers and SCADAPack | CVE-2017-6034 | Authentication Bypass by Capture-Replay | Modicon Momentum M1E 171CBU98090 (All versions), Modicon Momentum M1E 171CBU98091 (All versions), Modicon M340 (All versions prior to V2.70), Modicon M580 (All versions prior to V2.01), Modicon Premium (All versions prior to V3.10), Modicon Quantum (All versions prior to V3.12), Modicon M221 (All versions), SCADAPack 32 RTU (All Versions), SCADAPack 300 series RTU (314, 330, 334, 350) (All Versions), SCADAPack 300 E and 500 E series RTU (312E, 313E, 314E, 330E, 333E, 337E, 350E, 530E, 535E) (All Versions), SCADAPack 57x RTU (570, 575) (All Versions) | SEVD-2017-065-01 (V3.0) |
| 2019/08/19 | Microsoft Remote Desktop Services – DejaBlue | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 | Multiple Vulnerabilities (Updated Bulletin) | See Security Bulletin | SESB-2019-214-01 (V1.2) |
| 2019/09/10 | U.motion Server | CVE-2019-6835, CVE-2019-6836, CVE-2019-6837, CVE-2019-6838, CVE-2019-6839, CVE-2019-6840 | Multiple Vulnerabilities | MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15 | SEVD-2019-253-01 |
| 2019/09/10 | Modicon Quantum 140 NOE771x1 | CVE-2019-6811 | CWE-754 – Improper Check for Unusual or Exceptional Conditions | Quantum 140 NOE771x1 version 6.9 and earlier | SEVD-2019-253-02 |
| 2019/09/10 | TwidoSuite | - | Multiple Vulnerabilities | TwidoSuite v2.20.11 running on Windows 7 SP1 32-bit | SEVD-2019-253-03 |
| 2019/09/19 | ProClima | CVE-2019-6823, CVE-2019-6824, CVE-2019-6825 | Multiple Vulnerabilities (Notification Updated) | All versions of ProClima prior to version 8.0.0 | SEVD-2019-162-01 (V1.1) |
| 2019/10/08 | Modicon Controllers | CVE-2019-6851 | CWE-538: File and Directory Information Exposure | Modicon M580 (all firmware versions) , Modicon M340 (all firmware versions) , Modicon Premium (all firmware versions), Modicon Quantum (all firmware versions) | SEVD-2019-281-01 |
| 2019/10/08 | Modicon Controllers | CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847 | Multiple Vulnerabilities | Modicon M580 (all firmware versions) , Modicon M340 (all firmware versions) . Modicon BMxCRA and 140CRA modules (all firmware versions) | SEVD-2019-281-02 |
| 2019/10/08 | Modicon Controllers | CVE-2019-6845 | CWE-319: Cleartext Transmission of Sensitive Information | Modicon M580 (all firmware versions) , Modicon M340 (all firmware versions) , Modicon Premium (all firmware versions), Modicon Quantum (all firmware versions) | SEVD-2019-281-03 |
| 2019/10/08 | Modicon Controllers | CVE-2019-6848, CVE-2019-6849, CVE-2019-6850 | Multiple Vulnerabilities | Modicon M580 , Modicon BMENOC 0311 , Modicon BMENOC 0321 | SEVD-2019-281-04 |
| 2019/10/08 | Schneider Electric Floating License Manager | CVE-2019-20031, CVE-2019-20032, CVE-2019-20033, CVE-2019-20034 | Multiple Vulnerabilities (Notification Updated) | Schneider Electric Floating License Manager V2.3.0.0 and earlier (EcoStruxure Machine Expert) | SEVD-2019-134-04 (V2.1) |
| 2019/10/08 | SoMachine HVAC & SoMove | CVE-2019-6826 | CWE-426: Untrusted Search Path (Notification Updated) | SoMachine HVAC v2.4.1 and earlier versions and SoMove FDT v2.7.5 and earlier versions | SEVD-2019-225-04 (V2.0) |
| 2019/10/08 | Embedded Web Servers for Modicon | CVE-2018-7804, CVE-2018-7809, CVE-2018-7810, CVE-2018-7811, CVE-2018-7812, CVE-2018-7830, CVE-2018-7831, CVE-2018-7833 | Multiple Vulnerabilities (Notification Updated) | All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 | SEVD-2018-327-01 (V3) |
| 2019/11/12 | Andover Continuum | CVE-2019-6853 | CWE-79: Failure to Preserve Web Page Structure (Cross-Site Scripting) | Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702. | SEVD-2019-316-01 |
| 2019/11/12 | Modicon Controllers | CVE-2019-6852 | CWE-200: Information Exposure | M340 CPUs, M340 communication modules, Premium CPUs, , Premium communication modules, Quantum CPUs, Quantum communication modules | SEVD-2019-316-02 |
| 2019/11/12 | Wind River VxWorks (URGENT/11) | CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265 | Multiple Vulnerabilities (Bulletin Updated) | See Security Bulletin | SESB-2019-214-01 (V2.2) |
| 2019/11/12 | Microsoft Remote Desktop Services (DejaBlue) | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 | Multiple Vulnerabilities (Notification Updated) | Multiple Products | SEVD-2019-267-01 (V1.1) |
| 2019/11/12 | Microsoft Remote Desktop Services (BlueKeep) | CVE-2019-0708 | Remote Code Execution (Notification Updated) | Multiple Products | SEVD-2019-193-02 (V1.4) |
| 2019/11/12 | Intel Microarchitectural Data Sampling (ZombieLoad) | CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 | Multiple Vulnerabilities (Notification Updated) | Multiple Products | SEVD-2019-193-01 (V1.3) |
| 2019/11/12 | ConneXium Gateway TSXETG100 and PowerLogic Ethernet Gateway EGX100 | CVE-2018-7834 | CWE-79: Cross-Site Scripting (Notification Updated) | TSXETG100, EGX100 (all variants), ECI850 (all variants) | SEVD-2019-134-07 (V2) |
| 2019/11/12 | Triconex TriStation Emulator | CVE-2018-7803 | CWE-754: Improper Check for Unusual or Exceptional Conditions (Notification Updated) | Triconex TriStation Emulator V1.2.0 | SEVD-2019-071-03 (V2) |
| 2019/12/10 | Modicon Controllers | CVE-2019-6856, CVE-2019-6857, CVE-2018-7794 | Multiple Vulnerabilities | Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium | SEVD-2019-344-01 |
| 2019/12/10 | EcoStruxure Control Expert | CVE-2019-6855 | CWE-285 Improper Authorization | EcoStruxure™ Control Expert V14.0 and all versions of Unity Pro (previously called EcoStruxure™ Control Expert) | SEVD-2019-344-02 |
| 2019/12/10 | Power SCADA Operation | CVE-2019-13537 | CWE-121 Stack-based Buffer Overflow | Power SCADA Operation 9.0, Power SCADA Expert 8.2, Power SCADA Expert 8.1, Power SCADA Expert 8.0, Power SCADA Expert 7.4, and Power SCADA Expert 7.3 (including all associated Cumulative Updates) | SEVD-2019-344-04 |
| 2019/12/10 | EcoStruxure Geo SCADA Expert (ClearSCADA) | CVE-2019-6854 | CWE-264 Permissions, Privileges, and Access Controls | EcoStruxure Geo SCADA Expert (ClearSCADA) with initial releases before 1 January 2019 | SEVD-2019-344-05 |
| 2019/12/10 | Wind River VxWorks (URGENT/11) | CVE-2019-12256, CVE-2019-12257, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12259, CVE-2019-12262, CVE-2019-12264, CVE-2019-12265 | Multiple Vulnerabilities (Bulletin Updated) | See Security Bulletin | SESB-2019-214-01 (V2.2) |
| 2019/12/10 | Modicon Controllers | CVE-2019-6841, CVE-2019-6842, CVE-2019-6843, CVE-2019-6844, CVE-2019-6846, CVE-2019-6847 | Multiple Vulnerabilities (Notification Updated) | Modicon M580 (all firmware versions) , Modicon M340 (all firmware versions) . Modicon BMxCRA and 140CRA modules (all firmware versions) | SEVD-2019-281-02 (V2.0) |
| 2019/12/10 | Modicon Controllers | CVE-2017-6017 | Improper Check for Unusual or Exceptional Conditions Vulnerability (Notification Updated) | M340 CPUs with firmware prior to V2.9, M580 CPUs with firmware prior to V2.3, Quantum CPUs with firmware prior to V3.52, Premium CPUs all versions, M1E CPUs all versions | SEVD-2017-048-02 (V3.0) |
| 2019/12/10 | Schneider Electric Floating License Manager | CVE-2019-20031, CVE-2019-20032, CVE-2019-20033, CVE-2019-20034 | Multiple Vulnerabilities (Notification Updated) | Schneider Electric Floating License Manager V2.3.0.0 and earlier (EcoStruxure Machine Expert) | SEVD-2019-134-04 (V2.2) |
| 2019/12/10 | Modicon Controllers | CVE-2018-7846, CVE-2018-7849, CVE-2018-7843, CVE-2018-7848, CVE-2018-7842, CVE-2018-7847, CVE-2018-7850, CVE-2018-7845, CVE-2018-7852, CVE-2018-7853, CVE-2018-7854, CVE-2018-7855, CVE-2018-7856, CVE-2018-7857, CVE-2019-6806, CVE-2019-6807, CVE-2019-6808, CVE-2018-7844, CVE-2019-6830, CVE-2019-6828, CVE-2019-6829, CVE-2019-6809 | Multiple Vulnerabilities (Notification Updated) | Modicon M580 Modicon M340 Modicon Quantum Modicon Premium | SEVD-2019-134-11(V3.0) |
| 2019/11/27 | Embedded Web Servers for Modicon | CVE-2018-7804, CVE-2018-7809, CVE-2018-7810, CVE-2018-7811, CVE-2018-7812, CVE-2018-7830, CVE-2018-7831, CVE-2018-7833 | Multiple Vulnerabilities (Notification Updated) | All Modicon M340, Premium, Quantum PLCs and BMXNOR0200 | SEVD-2018-327-01 (V3.1) |
See all archived security notifications
See all
