Multiple authentication bypass vulnerabilities exist in Schneider Electric Modicon. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the affected page. Successful exploitation results in the attacker being able to change the password for arbitrary accounts.
You can read the full article here.