Vulnerabilites related to Schneider Electric - BMXNOE0110
var-201512-0029
Vulnerability from variot
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. Schneider Electric Modicon M340 PLC BMXNOx and BMXPx are programmable controller products from Schneider Electric, France. GoAhead Web Server is one of the embedded web servers. Schneider Electric Modicon M340 is prone to an unspecified stack-based buffer-overflow vulnerability. Failed exploit attempts may crash the application, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100h",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxpra0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxpra0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "bmxp342020h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342030",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxpra0100",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoc0401",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoc0401",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0100h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxpra0100",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoc0401",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoe0100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoe0100h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoe0110",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoe0110h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp342020",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp342020h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp342030",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp3420302",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp3420302h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxpra0100",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nir Giller",
"sources": [
{
"db": "BID",
"id": "79622"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7937",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7937",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08446",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-85898",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7937",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7937",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-08446",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-542",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-85898",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. Schneider Electric Modicon M340 PLC BMXNOx and BMXPx are programmable controller products from Schneider Electric, France. GoAhead Web Server is one of the embedded web servers. Schneider Electric Modicon M340 is prone to an unspecified stack-based buffer-overflow vulnerability. Failed exploit attempts may crash the application, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7937"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-85898"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7937",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-351-01",
"trust": 3.4
},
{
"db": "BID",
"id": "79622",
"trust": 2.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-344-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-08446",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488",
"trust": 0.8
},
{
"db": "IVD",
"id": "6D82E7A8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-85898",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"id": "VAR-201512-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
}
],
"trust": 1.6454545666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
}
]
},
"last_update_date": "2024-11-23T22:01:39.956000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2015-344-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01"
},
{
"title": "Schneider Electric Modicon M340 PLC BMXNOx and BMXPx Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/68892"
},
{
"title": "Schneider Electric Modicon M340 PLC BMXNOx and BMXPx Fixes for stack-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-351-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/79622"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7937"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7937"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/all-products"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"date": "2015-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-85898"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79622"
},
{
"date": "2015-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"date": "2015-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"date": "2015-12-21T11:59:12.097000",
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85898"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79622"
},
{
"date": "2015-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"date": "2015-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"date": "2024-11-21T02:37:41.870000",
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon M340 PLC BMXNOx and BMXPx Device stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
}
],
"trust": 0.8
}
}
var-201410-1134
Vulnerability from variot
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-1134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574823am",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety4103c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxntp100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574823m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety5103c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "stbnic2212",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc98020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxwmy100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetc0101",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "stbnip2212",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96020c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetz510",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetz410",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety110wsc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573623mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety110ws",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc98030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxwmy100c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmxnoc0402",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetc100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96030c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574823mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140cpu65x exec 5.5"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140noc78x exec 1.62"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140noe77x exec 6.2"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoc0401 2.05"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe0100 2.9"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe0110x exec 6.0"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxetc101 exec 2.04"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety4103x exec 5.7"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety5103x exec 5.9"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxp57x ethernet copro exec 5.5"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxp57x etyport exec 5.7"
},
{
"model": "electric modicon plc ethernet module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "bmxp3420302h"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "bmxp342030h"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp573634m"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65160"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp572623mc"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp572623m"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65150"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "171ccc96020"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65260"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "171ccc96020c"
},
{
"model": "tsxwmy100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxwmy10",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp576634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp575634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572823m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572823",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572623mc",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572623m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxntp100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetz510",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetz410",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety5103c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety4103c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety110wsc",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety110ws",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetc100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetc0101",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxprmxxxx",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342030h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp3420302h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342020h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoc0402",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmx noe",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "01100"
},
{
"model": "171ccc98030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc98020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96030c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96020c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "170ent11002",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "170ent11001",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140nwm10000",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77111c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77111",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77110",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77101c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77101",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc78100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc78000",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc77100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65150",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65160",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65260",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noc77100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noc78000",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77101",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77101c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77110",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77111",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77111c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140nwm10000",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11001",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11002",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11002c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96020c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96030c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc98020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc98030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoc0402",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342030h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxprmxxxx",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "stbnic2212",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "stbnip2212",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetc100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetc0101",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety110ws",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety110wsc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety4103",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety4103c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety5103",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety5103c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetz410",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetz510",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxntp100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp571634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572623m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572623mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572823m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572823mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623am",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823am",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp575634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp576634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxwmy100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxwmy100c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_plc_ethernet_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios",
"sources": [
{
"db": "BID",
"id": "70193"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0754",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-68247",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0754",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0754",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-06695",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-075",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-68247",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. \nExploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0754"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68247"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0754",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-273-01",
"trust": 3.4
},
{
"db": "BID",
"id": "70193",
"trust": 2.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2014-260-01",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06695",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531",
"trust": 0.8
},
{
"db": "IVD",
"id": "CCE5FE38-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68247",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"id": "VAR-201410-1134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
}
],
"trust": 1.691666675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
}
]
},
"last_update_date": "2024-11-23T22:13:39.284000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Modicon PLC Ethernet Communication Modules",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
},
{
"title": "Patches for multiple Schneider Electric product catalog traversal vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50841"
},
{
"title": "BMXNOE0100+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54170"
},
{
"title": "BMXNOE0110+Web+and+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54171"
},
{
"title": "140NOE77101+Exec+For+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54184"
},
{
"title": "140NOE77101+Exec+For+Non+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54183"
},
{
"title": "140NOE77111+Exec+For+Unity+and+Non+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54185"
},
{
"title": "140CPU65260+Quantum+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54180"
},
{
"title": "140CPU65160+Quantum+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54179"
},
{
"title": "140CPU65150+Quantum+CoPro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54178"
},
{
"title": "140NOC78000+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54181"
},
{
"title": "TSXP575634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54176"
},
{
"title": "TSXP574634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54175"
},
{
"title": "TSXP576634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54177"
},
{
"title": "TSXETC101+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54172"
},
{
"title": "140NOC78100+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54182"
},
{
"title": "TSXP573634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54188"
},
{
"title": "TSXP572634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54187"
},
{
"title": "TSXETY5103+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54174"
},
{
"title": "TSXP571634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54186"
},
{
"title": "TSXETY4103+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54173"
},
{
"title": "BMXNOC0401+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54169"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-273-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/70193"
},
{
"trust": 1.6,
"url": "http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01\u0026p_endoctype=software%20-%20updates\u0026p_file_id=608959359\u0026p_file_name=sevd-2014-260-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0754"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0754"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.3,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2014-260-01"
},
{
"trust": 0.1,
"url": "http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01\u0026amp;p_endoctype=software%20-%20updates\u0026amp;p_file_id=608959359\u0026amp;p_file_name=sevd-2014-260-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"date": "2014-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-68247"
},
{
"date": "2014-09-30T00:00:00",
"db": "BID",
"id": "70193"
},
{
"date": "2014-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"date": "2014-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"date": "2014-10-03T18:55:06.017000",
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"date": "2016-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-68247"
},
{
"date": "2014-09-30T00:00:00",
"db": "BID",
"id": "70193"
},
{
"date": "2014-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"date": "2024-11-21T02:02:44.980000",
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC Ethernet Module SchneiderWEB Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
],
"trust": 0.8
}
}
var-202202-1168
Vulnerability from variot
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions). plural Schneider Electric The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon Quantum, etc. are products of the French Schneider Electric (Schneider Electric). The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) for industrial processes and infrastructure. Schneider Electric Modicon Premium is a programmable controller for industrial environments
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-1168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "140noc78x00",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp342020",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.40"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noc77101",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp576634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h rtu",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noe771x1",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp574634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp575634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h rtu",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum 140cpu65150",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "140noe771x1",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340 cpus bmxp34",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "(\u003c=3.40)"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe0100",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe0110",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoc0401",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnor0200h rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp574634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp575634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp576634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet 140cpu65xxxxx",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noe771x1",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noc78x00",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noc77101",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules tsxety4103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules tsxety5103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"db": "NVD",
"id": "CVE-2021-22785"
}
]
},
"cve": "CVE-2021-22785",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22785",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-68925",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22785",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22785",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22785",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22785",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-68925",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1043",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-22785",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"db": "VULMON",
"id": "CVE-2021-22785"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1043"
},
{
"db": "NVD",
"id": "CVE-2021-22785"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions). plural Schneider Electric The product contains an information disclosure vulnerability.Information may be obtained. Schneider Electric Modicon Quantum, etc. are products of the French Schneider Electric (Schneider Electric). The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) for industrial processes and infrastructure. Schneider Electric Modicon Premium is a programmable controller for industrial environments",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22785"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"db": "VULMON",
"id": "CVE-2021-22785"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22785",
"trust": 3.9
},
{
"db": "SCHNEIDER",
"id": "SEVD-2021-257-02",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018470",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-68925",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1043",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22785",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"db": "VULMON",
"id": "CVE-2021-22785"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1043"
},
{
"db": "NVD",
"id": "CVE-2021-22785"
}
]
},
"id": "VAR-202202-1168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68925"
}
],
"trust": 1.5192307692307692
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68925"
}
]
},
"last_update_date": "2024-08-14T14:37:39.948000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2021-257-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
},
{
"title": "Patch for Multiple Schneider Electric Product Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/356586"
},
{
"title": "Schneider Electric Repair measures for information disclosure vulnerabilities of various products",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=182742"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-22785 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"db": "VULMON",
"id": "CVE-2021-22785"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1043"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"db": "NVD",
"id": "CVE-2021-22785"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-257-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-22785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"db": "VULMON",
"id": "CVE-2021-22785"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1043"
},
{
"db": "NVD",
"id": "CVE-2021-22785"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"db": "VULMON",
"id": "CVE-2021-22785"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1043"
},
{
"db": "NVD",
"id": "CVE-2021-22785"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"date": "2022-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22785"
},
{
"date": "2023-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1043"
},
{
"date": "2022-02-11T18:15:08.947000",
"db": "NVD",
"id": "CVE-2021-22785"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68925"
},
{
"date": "2022-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22785"
},
{
"date": "2023-06-15T07:46:00",
"db": "JVNDB",
"id": "JVNDB-2021-018470"
},
{
"date": "2022-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1043"
},
{
"date": "2024-04-10T12:28:45.957000",
"db": "NVD",
"id": "CVE-2021-22785"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1043"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability regarding information leakage in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018470"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1043"
}
],
"trust": 0.6
}
}
var-202012-1384
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP. plural Schneider Electric The product contains a vulnerability related to checking for exceptional conditions.Denial of service (DoS) It may be put into a state. Schneider Electric Modicon M340 is a medium-range PLC (Programmable Logic Controller) of French Schneider Electric (Schneider Electric) for industrial processes and infrastructure.
Schneider Electric Modicon M340 has a code issue vulnerability. Attackers can use the vulnerability to make HTTP and FTP services deny when a request for preparation is sent to the controller via HTTP
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnoe0110",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.6"
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp3420102",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "modicon m340 bmxp3420302",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "tsxp575634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp342020",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "modicon m340 bmxp341000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "bmxnoe0100",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.4"
},
{
"model": "tsxp576634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "140noc78100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noc78000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noe77111",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.3"
},
{
"model": "tsxp574634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp342000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420102",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302cl",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420102cl",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp341000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"db": "NVD",
"id": "CVE-2020-7549"
}
]
},
"cve": "CVE-2020-7549",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7549",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-46283",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7549",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-7549",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7549",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-7549",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-46283",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-939",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-939"
},
{
"db": "NVD",
"id": "CVE-2020-7549"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP. plural Schneider Electric The product contains a vulnerability related to checking for exceptional conditions.Denial of service (DoS) It may be put into a state. Schneider Electric Modicon M340 is a medium-range PLC (Programmable Logic Controller) of French Schneider Electric (Schneider Electric) for industrial processes and infrastructure. \n\r\n\r\nSchneider Electric Modicon M340 has a code issue vulnerability. Attackers can use the vulnerability to make HTTP and FTP services deny when a request for preparation is sent to the controller via HTTP",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7549"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"db": "CNVD",
"id": "CNVD-2021-46283"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7549",
"trust": 3.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-343-06",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014322",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-46283",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-939",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-939"
},
{
"db": "NVD",
"id": "CVE-2020-7549"
}
]
},
"id": "VAR-202012-1384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46283"
}
],
"trust": 1.5935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46283"
}
]
},
"last_update_date": "2024-11-23T22:16:10.514000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-343-06",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
},
{
"title": "Patch for Schneider Electric Modicon M340 code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/276471"
},
{
"title": "Schneider Electric Modicon M340 Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136601"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-939"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.0
},
{
"problemtype": "Improper checking in exceptional conditions (CWE-754) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"db": "NVD",
"id": "CVE-2020-7549"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-343-06/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7549"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-939"
},
{
"db": "NVD",
"id": "CVE-2020-7549"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-46283"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-939"
},
{
"db": "NVD",
"id": "CVE-2020-7549"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-46283"
},
{
"date": "2021-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"date": "2020-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-939"
},
{
"date": "2020-12-11T01:15:12.627000",
"db": "NVD",
"id": "CVE-2020-7549"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-46283"
},
{
"date": "2021-08-13T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2020-014322"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-939"
},
{
"date": "2024-11-21T05:37:21.663000",
"db": "NVD",
"id": "CVE-2020-7549"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-939"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Product Exceptional Status Check Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014322"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-939"
}
],
"trust": 0.6
}
}
var-201903-0642
Vulnerability from variot
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. plural Schneider Electric Modicon The product contains an input validation vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon M340 PLC is a medium-sized PLC platform for industrial processes and architectures. There are several security holes in the Modicon M340 PLC Station P34 module. Exploitation of these vulnerabilities could allow remote attackers to obtain sensitive information or execute arbitrary code on a web server, bypass authentication mechanisms, and access vulnerable devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0642",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340 plc station p34 module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnoc0401",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp342030h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnoe0100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnoe0110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnoe0110h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp342030",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp3420302",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoc0401_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0110h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342020_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342020h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342030_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp3420302_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp3420302h_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya K. Sood",
"sources": [
{
"db": "BID",
"id": "76327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6461",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2015-6461",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-05940",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05740",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "7c567132-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-84422",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2015-6461",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6461",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6461",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05940",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2015-05740",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-386",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84422",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. plural Schneider Electric Modicon The product contains an input validation vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon M340 PLC is a medium-sized PLC platform for industrial processes and architectures. There are several security holes in the Modicon M340 PLC Station P34 module. Exploitation of these vulnerabilities could allow remote attackers to obtain sensitive information or execute arbitrary code on a web server, bypass authentication mechanisms, and access vulnerable devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6461"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "BID",
"id": "76327"
},
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84422"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6461",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-246-02",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386",
"trust": 1.1
},
{
"db": "BID",
"id": "76327",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2015-05740",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05940",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242",
"trust": 0.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-233-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "0ACA935A-1E69-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7C567132-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84422",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "BID",
"id": "76327"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"id": "VAR-201903-0642",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
}
],
"trust": 2.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
}
]
},
"last_update_date": "2024-11-23T22:30:07.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.se.com/jp/ja/"
},
{
"title": "Schneider Electric Modicon PLC file contains patches for vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63776"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-98",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-246-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6461"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6461"
},
{
"trust": 0.6,
"url": "http://download.schneider-electric.com/files?p_file_id=1039693246\u0026amp;p_file_name=sevd-2015-233-01.pdf"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/76327"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "BID",
"id": "76327"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-01T00:00:00",
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-11T00:00:00",
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"date": "2015-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-84422"
},
{
"date": "2015-08-12T00:00:00",
"db": "BID",
"id": "76327"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"date": "2019-03-21T19:29:00.267000",
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"date": "2015-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84422"
},
{
"date": "2015-11-03T19:30:00",
"db": "BID",
"id": "76327"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"date": "2024-11-21T02:35:00.673000",
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC File contains vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "76327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
}
],
"trust": 1.3
}
}
var-201903-0624
Vulnerability from variot
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. plural Schneider Electric Modicon The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Multiple Schneider Electric Modicon M340 PLC products are prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Schneider Electric Modicon PLC BMXNOC0401 etc. are programmable controllers of French Schneider Electric (Schneider Electric). The following products are affected: Schneider Electric Modicon PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, BMXP3420303030
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0624",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon m340 bmxp342030h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoc0401",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoc0401",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoc0401_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0110h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342020_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342020h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342030_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp3420302_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp3420302h_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya K. Sood and Juan Francisco Bolivar",
"sources": [
{
"db": "BID",
"id": "76613"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6462",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2015-6462",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-05939",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "7c549830-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-84423",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2015-6462",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6462",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6462",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05939",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-443",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84423",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. plural Schneider Electric Modicon The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Multiple Schneider Electric Modicon M340 PLC products are prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Schneider Electric Modicon PLC BMXNOC0401 etc. are programmable controllers of French Schneider Electric (Schneider Electric). The following products are affected: Schneider Electric Modicon PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, BMXP3420303030",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6462"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84423"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6462",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-246-02",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-05939",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241",
"trust": 0.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-233-01",
"trust": 0.6
},
{
"db": "BID",
"id": "76613",
"trust": 0.4
},
{
"db": "IVD",
"id": "7C549830-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84423",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"id": "VAR-201903-0624",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
}
],
"trust": 1.73333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
}
]
},
"last_update_date": "2024-11-23T22:30:07.838000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.se.com/jp/ja/"
},
{
"title": "Patch for Schneider Electric Modicon PLC Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63775"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-246-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6462"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6462"
},
{
"trust": 0.6,
"url": "http://download.schneider-electric.com/files?p_file_id=1039693246\u0026amp;p_file_name=sevd-2015-233-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/product-range/1468-modicon-m340/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-84423"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76613"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"date": "2019-03-21T19:29:00.317000",
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84423"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76613"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"date": "2024-11-21T02:35:00.833000",
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
}
],
"trust": 0.6
}
}
var-201706-0453
Vulnerability from variot
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. SchneiderElectricModiconM340PLC is a programmable controller product from Schneider Electric, France. A denial of service vulnerability exists in SchneiderElectricModiconM340PLC. A remote attacker could exploit this vulnerability to make the device unresponsive, resulting in a denial of service. The following versions are affected: Modicon M340 PLC BMXNOC0401 ; BMXNOE0100 ; BMXNOE0110 ; BMXNOE0110H ; BMXNOR0200H ; BMXP341000 ; BMXP342000 ; BMXP3420102 ; BMXP3420102CL ; BMXP342020 ; BMXP342020H ; BMXP342030 ; BMXP3420302 ; BMXP3420302H ; BMXP342030H
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0453",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340 plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "bmxp342020",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp3420102cl",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp342000",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp3420302",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp3420302h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "m340 plc",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp342020h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp342030",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp342030h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp3420102",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoc0401",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0100",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": "2.8"
}
],
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:m340_plc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luis Francisco Martin Liras.",
"sources": [
{
"db": "BID",
"id": "96414"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6017",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03144",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-114220",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6017",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6017",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6017",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-03144",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-595",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114220",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. SchneiderElectricModiconM340PLC is a programmable controller product from Schneider Electric, France. A denial of service vulnerability exists in SchneiderElectricModiconM340PLC. A remote attacker could exploit this vulnerability to make the device unresponsive, resulting in a denial of service. The following versions are affected: Modicon M340 PLC BMXNOC0401 ; BMXNOE0100 ; BMXNOE0110 ; BMXNOE0110H ; BMXNOR0200H ; BMXP341000 ; BMXP342000 ; BMXP3420102 ; BMXP3420102CL ; BMXP342020 ; BMXP342020H ; BMXP342030 ; BMXP3420302 ; BMXP3420302H ; BMXP342030H ",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6017"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "BID",
"id": "96414"
},
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "VULHUB",
"id": "VHN-114220"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6017",
"trust": 3.6
},
{
"db": "BID",
"id": "96414",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-054-03",
"trust": 2.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-048-02",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-03144",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159",
"trust": 0.8
},
{
"db": "IVD",
"id": "42F18207-58B3-4F72-AEE4-B1B10DA6E76D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114220",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "BID",
"id": "96414"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"id": "VAR-201706-0453",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
}
]
},
"last_update_date": "2024-11-23T22:56:12.246000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Modicon M340",
"trust": 0.8,
"url": "http://www.schneider-electric.com/en/product-range/1468-modicon-m340"
},
{
"title": "SchneiderElectricModiconM340PLC denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/90690"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-054-03"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96414"
},
{
"trust": 1.1,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2017-048-02/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6017"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6017"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "BID",
"id": "96414"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "BID",
"id": "96414"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-23T00:00:00",
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"date": "2017-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114220"
},
{
"date": "2017-02-23T00:00:00",
"db": "BID",
"id": "96414"
},
{
"date": "2017-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"date": "2017-06-30T03:29:00.233000",
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"date": "2018-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-114220"
},
{
"date": "2017-03-07T03:09:00",
"db": "BID",
"id": "96414"
},
{
"date": "2017-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"date": "2017-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"date": "2024-11-21T03:28:54.620000",
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon M340 PLC Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
}
],
"trust": 0.6
}
}
var-202202-1169
Vulnerability from variot
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions). plural Schneider Electric The product contains an input validation vulnerability.Service operation interruption (DoS) It may be in a state. Both Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 are products of the French company Schneider Electric (Schneider Electric). The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) for industrial processes and infrastructure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-1169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "140noc78x00",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp342020",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.40"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noc77101",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp576634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h rtu",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noe771x1",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp574634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp575634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h rtu",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum 140cpu65150",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "140noe771x1",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340 cpus bmxp34",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "(\u003c=3.40)"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe0100",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe0110",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoc0401",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnor0200h rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp574634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp575634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp576634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet 140cpu65xxxxx",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noe771x1",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noc78x00",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noc77101",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules tsxety4103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules tsxety5103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68927"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"db": "NVD",
"id": "CVE-2021-22787"
}
]
},
"cve": "CVE-2021-22787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22787",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-68927",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22787",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22787",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22787",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22787",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-68927",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1044",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68927"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1044"
},
{
"db": "NVD",
"id": "CVE-2021-22787"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions). plural Schneider Electric The product contains an input validation vulnerability.Service operation interruption (DoS) It may be in a state. Both Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 are products of the French company Schneider Electric (Schneider Electric). The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) for industrial processes and infrastructure",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22787"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"db": "CNVD",
"id": "CNVD-2022-68927"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22787",
"trust": 3.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2021-257-02",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018469",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-68927",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1044",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68927"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1044"
},
{
"db": "NVD",
"id": "CVE-2021-22787"
}
]
},
"id": "VAR-202202-1169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68927"
}
],
"trust": 1.5192307692307692
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68927"
}
]
},
"last_update_date": "2024-08-14T14:37:39.979000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2021-257-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
},
{
"title": "Patch for Input validation errors in multiple Schneider Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/356576"
},
{
"title": "Schneider Electric Modicon M340 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183390"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68927"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1044"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"db": "NVD",
"id": "CVE-2021-22787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-257-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22787"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68927"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1044"
},
{
"db": "NVD",
"id": "CVE-2021-22787"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-68927"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1044"
},
{
"db": "NVD",
"id": "CVE-2021-22787"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68927"
},
{
"date": "2023-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1044"
},
{
"date": "2022-02-11T18:15:09",
"db": "NVD",
"id": "CVE-2021-22787"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68927"
},
{
"date": "2023-06-15T07:41:00",
"db": "JVNDB",
"id": "JVNDB-2021-018469"
},
{
"date": "2022-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1044"
},
{
"date": "2024-04-10T12:28:45.957000",
"db": "NVD",
"id": "CVE-2021-22787"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1044"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018469"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1044"
}
],
"trust": 0.6
}
}
var-202202-1170
Vulnerability from variot
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions). plural Schneider Electric The product contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state. Both Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 are products of the French company Schneider Electric (Schneider Electric). The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) for industrial processes and infrastructure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-1170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "140noc78x00",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp342020",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.40"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noc77101",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp576634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h rtu",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noe771x1",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp574634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp575634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h rtu",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum 140cpu65150",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "140noe771x1",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340 cpus bmxp34",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "(\u003c=3.40)"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe0100",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoe0110",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnoc0401",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon m340 ethernet communication modules bmxnor0200h rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp574634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp575634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet tsxp576634",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium processors with integrated ethernet 140cpu65xxxxx",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noe771x1",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noc78x00",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules 140noc77101",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules tsxety4103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum communication modules tsxety5103",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68926"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"db": "NVD",
"id": "CVE-2021-22788"
}
]
},
"cve": "CVE-2021-22788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22788",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-68926",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22788",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22788",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22788",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22788",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-68926",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1045",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68926"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1045"
},
{
"db": "NVD",
"id": "CVE-2021-22788"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions). plural Schneider Electric The product contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state. Both Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 are products of the French company Schneider Electric (Schneider Electric). The Schneider Electric Modicon Quantum is a large programmable logic controller (PLC) for process applications, high availability and safety solutions. The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) for industrial processes and infrastructure",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22788"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"db": "CNVD",
"id": "CNVD-2022-68926"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22788",
"trust": 3.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2021-257-02",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018467",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-68926",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1045",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68926"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1045"
},
{
"db": "NVD",
"id": "CVE-2021-22788"
}
]
},
"id": "VAR-202202-1170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68926"
}
],
"trust": 1.5192307692307692
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68926"
}
]
},
"last_update_date": "2024-08-14T14:37:40.008000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2021-257-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
},
{
"title": "Patch for Out-of-bounds write vulnerabilities in multiple Schneider Electric products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/356581"
},
{
"title": "Schneider Electric Repair measures for buffer errors and vulnerabilities in many products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183391"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68926"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"db": "NVD",
"id": "CVE-2021-22788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-257-02"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22788"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-68926"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1045"
},
{
"db": "NVD",
"id": "CVE-2021-22788"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-68926"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1045"
},
{
"db": "NVD",
"id": "CVE-2021-22788"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68926"
},
{
"date": "2023-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1045"
},
{
"date": "2022-02-11T18:15:09.057000",
"db": "NVD",
"id": "CVE-2021-22788"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-68926"
},
{
"date": "2023-06-15T07:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-018467"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1045"
},
{
"date": "2024-04-10T12:28:45.957000",
"db": "NVD",
"id": "CVE-2021-22788"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018467"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1045"
}
],
"trust": 0.6
}
}
var-202406-0502
Vulnerability from variot
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. Schneider Electric of Modicon M340 firmware, BMXNOE0100 firmware, BMXNOE0110 Firmware contains vulnerabilities related to externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202406-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"cve": "CVE-2024-5056",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-29560",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2024-5056",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-5056",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-5056",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cybersecurity@se.com",
"id": "CVE-2024-5056",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-5056",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-29560",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may\nprevent user to update the device firmware and prevent proper behavior of the webserver when\nspecific files or directories are removed from the filesystem. Schneider Electric of Modicon M340 firmware, BMXNOE0100 firmware, BMXNOE0110 Firmware contains vulnerabilities related to externally accessible files or directories.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Schneider Electric Modicon M340 is a medium-range PLC (programmable logic controller) for industrial processes and infrastructure from Schneider Electric, a French company",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5056"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5056",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2024-163-01",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-29560",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"id": "VAR-202406-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
],
"trust": 1.5935065
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
]
},
"last_update_date": "2024-08-27T23:03:27.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Schneider Electric Modicon M340 Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/563691"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.0
},
{
"problemtype": "Externally accessible file or directory (CWE-552) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2024-163-01\u0026p_endoctype=security+and+safety+notice\u0026p_file_name=sevd-2024-163-01.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5056"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"date": "2024-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"date": "2024-06-12T12:15:10.233000",
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-29560"
},
{
"date": "2024-08-26T04:43:00",
"db": "JVNDB",
"id": "JVNDB-2024-006466"
},
{
"date": "2024-08-23T16:04:14.643000",
"db": "NVD",
"id": "CVE-2024-5056"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerabilities related to externally accessible files or directories in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-006466"
}
],
"trust": 0.8
}
}
var-202012-1387
Vulnerability from variot
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. plural Schneider Electric The product contains a path traversal vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "140noc77101",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnoe0110",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.6"
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noe77101",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.3"
},
{
"model": "modicon m340 bmxp3420102",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "modicon m340 bmxp3420302",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "tsxp575634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp342020",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "modicon m340 bmxp341000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "bmxnoe0100",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.4"
},
{
"model": "tsxp576634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "140noc78100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noc78000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "140noe77111",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.3"
},
{
"model": "tsxp574634",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "modicon m340 bmxp342000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "140noe 77101",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420102",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302cl",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420102cl",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp341000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"db": "NVD",
"id": "CVE-2020-7535"
}
]
},
"cve": "CVE-2020-7535",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7535",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7535",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-7535",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7535",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-7535",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-934",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-934"
},
{
"db": "NVD",
"id": "CVE-2020-7535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. plural Schneider Electric The product contains a path traversal vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7535"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7535",
"trust": 2.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-343-05",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014327",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-934",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-934"
},
{
"db": "NVD",
"id": "CVE-2020-7535"
}
]
},
"id": "VAR-202012-1387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8333333
},
"last_update_date": "2024-11-23T22:58:05.427000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-343-05",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
},
{
"title": "Schneider Electric Modicon M340 Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136598"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-934"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"db": "NVD",
"id": "CVE-2020-7535"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-343-05/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7535"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-934"
},
{
"db": "NVD",
"id": "CVE-2020-7535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-934"
},
{
"db": "NVD",
"id": "CVE-2020-7535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"date": "2020-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-934"
},
{
"date": "2020-12-11T01:15:12.127000",
"db": "NVD",
"id": "CVE-2020-7535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-13T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2020-014327"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-934"
},
{
"date": "2024-11-21T05:37:19.907000",
"db": "NVD",
"id": "CVE-2020-7535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-934"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Path traversal vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014327"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-934"
}
],
"trust": 0.6
}
}
var-202012-1391
Vulnerability from variot
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests. plural Schneider Electric The product is vulnerable to a lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "140noe77111",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.1"
},
{
"model": "140cpu65150",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "modicon m340 bmxp3420102",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "140noc77101",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.08"
},
{
"model": "bmxnoe0110",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.5"
},
{
"model": "modicon m340 bmxp3420302",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "modicon m340 bmxp342020",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "modicon m340 bmxp341000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "tsxp575634",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "140noe77101",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.1"
},
{
"model": "modicon m340 bmxp342000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "140noc78000",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.74"
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "bmxnoe0100",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.3"
},
{
"model": "tsxety5103",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.4"
},
{
"model": "140noc78100",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.74"
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "3.30"
},
{
"model": "tsxety4103",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.2"
},
{
"model": "tsxp576634",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "bmxnoc0401",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.10"
},
{
"model": "bmxnor200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "tsxp574634",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "140cpu65160",
"scope": "lt",
"trust": 1.0,
"vendor": "schneider electric",
"version": "6.1"
},
{
"model": "140noe 77101",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420102",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302cl",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420102cl",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp341000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"db": "NVD",
"id": "CVE-2020-7540"
}
]
},
"cve": "CVE-2020-7540",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7540",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7540",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-7540",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7540",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2020-7540",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-938",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-7540",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-7540"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-938"
},
{
"db": "NVD",
"id": "CVE-2020-7540"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests. plural Schneider Electric The product is vulnerable to a lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7540"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"db": "VULMON",
"id": "CVE-2020-7540"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7540",
"trust": 2.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-343-04",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014331",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-938",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-7540",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-7540"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-938"
},
{
"db": "NVD",
"id": "CVE-2020-7540"
}
]
},
"id": "VAR-202012-1391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8333333
},
"last_update_date": "2024-11-23T21:58:51.328000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-343-04",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for important features (CWE-306) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"db": "NVD",
"id": "CVE-2020-7540"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-343-04/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7540"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-7540"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-938"
},
{
"db": "NVD",
"id": "CVE-2020-7540"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-7540"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-938"
},
{
"db": "NVD",
"id": "CVE-2020-7540"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7540"
},
{
"date": "2021-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"date": "2020-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-938"
},
{
"date": "2020-12-11T01:15:12.377000",
"db": "NVD",
"id": "CVE-2020-7540"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7540"
},
{
"date": "2021-08-13T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2020-014331"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-938"
},
{
"date": "2024-11-21T05:37:20.573000",
"db": "NVD",
"id": "CVE-2020-7540"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-938"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Schneider\u00a0Electric\u00a0 Vulnerability in lack of authentication for critical features in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014331"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-938"
}
],
"trust": 0.6
}
}
cve-2024-12142
Vulnerability from cvelistv5
Published
2025-01-17 10:19
Modified
2025-02-12 16:51
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS score ?
Summary
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could
cause information disclosure of restricted web page, modification of web page and denial of
service when specific web pages are modified and restricted functions are invoked.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | Modicon M340 processors (part numbers BMXP34*) |
Version: All versions |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T13:18:13.025284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:51:46.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M340 processors (part numbers BMXP34*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BMXNOE0100",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BMXNOE0110",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BMXNOR0200H",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to SV1.70IR26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could\ncause information disclosure of restricted web page, modification of web page and denial of\nservice when specific web pages are modified and restricted functions are invoked.\n\n\u003cbr\u003e"
}
],
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could\ncause information disclosure of restricted web page, modification of web page and denial of\nservice when specific web pages are modified and restricted functions are invoked."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T10:19:11.768Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-05.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-12142",
"datePublished": "2025-01-17T10:19:11.768Z",
"dateReserved": "2024-12-04T11:14:37.294Z",
"dateUpdated": "2025-02-12T16:51:46.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}