Vulnerabilites related to Schneider Electric - BMXNOR0200H
var-201512-0029
Vulnerability from variot
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. Schneider Electric Modicon M340 PLC BMXNOx and BMXPx are programmable controller products from Schneider Electric, France. GoAhead Web Server is one of the embedded web servers. Schneider Electric Modicon M340 is prone to an unspecified stack-based buffer-overflow vulnerability. Failed exploit attempts may crash the application, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100h",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxpra0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxpra0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "bmxp342020h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342030",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxpra0100",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoc0401",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoc0401",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0100h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxpra0100",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoc0401",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoe0100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoe0100h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoe0110",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnoe0110h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp342020",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp342020h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp342030",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp3420302",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxp3420302h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxpra0100",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nir Giller",
"sources": [
{
"db": "BID",
"id": "79622"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7937",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7937",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08446",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-85898",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7937",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7937",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-08446",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-542",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-85898",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. Schneider Electric Modicon M340 PLC BMXNOx and BMXPx are programmable controller products from Schneider Electric, France. GoAhead Web Server is one of the embedded web servers. Schneider Electric Modicon M340 is prone to an unspecified stack-based buffer-overflow vulnerability. Failed exploit attempts may crash the application, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7937"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-85898"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7937",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-351-01",
"trust": 3.4
},
{
"db": "BID",
"id": "79622",
"trust": 2.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-344-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-08446",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488",
"trust": 0.8
},
{
"db": "IVD",
"id": "6D82E7A8-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-85898",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"id": "VAR-201512-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
}
],
"trust": 1.6454545666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
}
]
},
"last_update_date": "2024-11-23T22:01:39.956000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2015-344-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2015-344-01"
},
{
"title": "Schneider Electric Modicon M340 PLC BMXNOx and BMXPx Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/68892"
},
{
"title": "Schneider Electric Modicon M340 PLC BMXNOx and BMXPx Fixes for stack-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-351-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/79622"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2015-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7937"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7937"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/all-products"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"db": "VULHUB",
"id": "VHN-85898"
},
{
"db": "BID",
"id": "79622"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"date": "2015-12-21T00:00:00",
"db": "VULHUB",
"id": "VHN-85898"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79622"
},
{
"date": "2015-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"date": "2015-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"date": "2015-12-21T11:59:12.097000",
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08446"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85898"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79622"
},
{
"date": "2015-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006488"
},
{
"date": "2015-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-542"
},
{
"date": "2024-11-21T02:37:41.870000",
"db": "NVD",
"id": "CVE-2015-7937"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon M340 PLC BMXNOx and BMXPx Device stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006488"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "6d82e7a8-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-542"
}
],
"trust": 0.8
}
}
var-201410-1134
Vulnerability from variot
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-1134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574823am",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety4103c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxntp100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574823m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety5103c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "stbnic2212",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc98020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxwmy100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetc0101",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "stbnip2212",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96020c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetz510",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetz410",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety110wsc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573623mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety110ws",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc98030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxwmy100c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m580 bmxnoc0402",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxetc100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96030c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574823mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "171ccc96030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140cpu65x exec 5.5"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140noc78x exec 1.62"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "140noe77x exec 6.2"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoc0401 2.05"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe0100 2.9"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "bmxnoe0110x exec 6.0"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxetc101 exec 2.04"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety4103x exec 5.7"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxety5103x exec 5.9"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxp57x ethernet copro exec 5.5"
},
{
"model": "modicon plc ethernet communication module",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "tsxp57x etyport exec 5.7"
},
{
"model": "electric modicon plc ethernet module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "bmxp3420302h"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "bmxp342030h"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp573634m"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65160"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp572623mc"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "tsxp572623m"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65150"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "171ccc96020"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "140cpu65260"
},
{
"model": "modicon plc ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "171ccc96020c"
},
{
"model": "tsxwmy100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxwmy10",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp576634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp575634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574823",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp574634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623a",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp573623",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572823m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572823",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572634",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572623mc",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp572623m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxntp100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetz510",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetz410",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety5103c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety5103",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety4103c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety4103",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety110wsc",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxety110ws",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetc100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "tsxetc0101",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxprmxxxx",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342030h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp3420302h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342020h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxp342020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoc0402",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmx noe",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "01100"
},
{
"model": "171ccc98030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc98020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96030c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96030",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96020c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "171ccc96020",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "170ent11002",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "170ent11001",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140nwm10000",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77111c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77111",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77110",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77101c",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77101",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noe77100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc78100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc78000",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140noc77100",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65150",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65160",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140cpu65260",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noc77100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noc78000",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77101",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77101c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77110",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77111",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140noe77111c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "140nwm10000",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11001",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11002",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "170ent11002c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96020c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc96030c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc98020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "171ccc98030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoc0402",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp342030h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "bmxprmxxxx",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "stbnic2212",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "stbnip2212",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetc100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetc0101",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety110ws",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety110wsc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety4103",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety4103c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety5103",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxety5103c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetz410",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxetz510",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxntp100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp571634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572623m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572623mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572823m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp572823mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623am",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573623mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp573634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823am",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp574823mc",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp575634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxp576634m",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxwmy100",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
},
{
"model": "tsxwmy100c",
"scope": null,
"trust": 0.2,
"vendor": "modicon plc ethernet module",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_plc_ethernet_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios",
"sources": [
{
"db": "BID",
"id": "70193"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0754",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-68247",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0754",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0754",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-06695",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-075",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-68247",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. \nExploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0754"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68247"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0754",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-273-01",
"trust": 3.4
},
{
"db": "BID",
"id": "70193",
"trust": 2.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2014-260-01",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-06695",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531",
"trust": 0.8
},
{
"db": "IVD",
"id": "CCE5FE38-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-68247",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"id": "VAR-201410-1134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
}
],
"trust": 1.691666675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
}
]
},
"last_update_date": "2024-11-23T22:13:39.284000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Modicon PLC Ethernet Communication Modules",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
},
{
"title": "Patches for multiple Schneider Electric product catalog traversal vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50841"
},
{
"title": "BMXNOE0100+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54170"
},
{
"title": "BMXNOE0110+Web+and+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54171"
},
{
"title": "140NOE77101+Exec+For+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54184"
},
{
"title": "140NOE77101+Exec+For+Non+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54183"
},
{
"title": "140NOE77111+Exec+For+Unity+and+Non+Unity+Users",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54185"
},
{
"title": "140CPU65260+Quantum+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54180"
},
{
"title": "140CPU65160+Quantum+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54179"
},
{
"title": "140CPU65150+Quantum+CoPro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54178"
},
{
"title": "140NOC78000+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54181"
},
{
"title": "TSXP575634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54176"
},
{
"title": "TSXP574634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54175"
},
{
"title": "TSXP576634M+Premium+Copro+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54177"
},
{
"title": "TSXETC101+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54172"
},
{
"title": "140NOC78100+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54182"
},
{
"title": "TSXP573634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54188"
},
{
"title": "TSXP572634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54187"
},
{
"title": "TSXETY5103+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54174"
},
{
"title": "TSXP571634M+ETY+Port+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54186"
},
{
"title": "TSXETY4103+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54173"
},
{
"title": "BMXNOC0401+Exec",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54169"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-273-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/70193"
},
{
"trust": 1.6,
"url": "http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01\u0026p_endoctype=software%20-%20updates\u0026p_file_id=608959359\u0026p_file_name=sevd-2014-260-01.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0754"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0754"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.3,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2014-260-01"
},
{
"trust": 0.1,
"url": "http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01\u0026amp;p_endoctype=software%20-%20updates\u0026amp;p_file_id=608959359\u0026amp;p_file_name=sevd-2014-260-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"db": "VULHUB",
"id": "VHN-68247"
},
{
"db": "BID",
"id": "70193"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"date": "2014-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-68247"
},
{
"date": "2014-09-30T00:00:00",
"db": "BID",
"id": "70193"
},
{
"date": "2014-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"date": "2014-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"date": "2014-10-03T18:55:06.017000",
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06695"
},
{
"date": "2016-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-68247"
},
{
"date": "2014-09-30T00:00:00",
"db": "BID",
"id": "70193"
},
{
"date": "2014-10-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004531"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-075"
},
{
"date": "2024-11-21T02:02:44.980000",
"db": "NVD",
"id": "CVE-2014-0754"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC Ethernet Module SchneiderWEB Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004531"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "cce5fe38-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-075"
}
],
"trust": 0.8
}
}
var-201804-1268
Vulnerability from variot
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. plural Schneider Electric The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\Modicon Quantum\Modicon M340\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a hard-coded certificate vulnerability that stems from the fact that the FTP server contains a hard-coded account that allows an attacker to exploit the vulnerability to perform unauthorized access. Multiple Schneider Electric Modicon products are prone to a remote security vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The vulnerability stems from the presence of hard-coded accounts in the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1268",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 pac",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "140cpu65160c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5724m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5744mc",
"version": null
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon bmxnor0200",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412uc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5744m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5724mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412u",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160s",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_m340",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_premium",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_quantum_plc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nikita Maximov (Positive Technologies)",
"sources": [
{
"db": "BID",
"id": "103542"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7241",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7241",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-06520",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-137273",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7241",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7241",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7241",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06520",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-999",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-137273",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-7241",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hard coded accounts exist in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. plural Schneider Electric The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\\\\Modicon Quantum\\\\Modicon M340\\\\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a hard-coded certificate vulnerability that stems from the fact that the FTP server contains a hard-coded account that allows an attacker to exploit the vulnerability to perform unauthorized access. Multiple Schneider Electric Modicon products are prone to a remote security vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The vulnerability stems from the presence of hard-coded accounts in the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7241"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7241",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-086-01",
"trust": 3.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-01",
"trust": 2.1
},
{
"db": "BID",
"id": "103542",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06520",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "39226",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2E9E141-39AB-11E9-89D4-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137273",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-7241",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"id": "VAR-201804-1268",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
}
],
"trust": 1.7565656666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
}
]
},
"last_update_date": "2024-11-23T22:45:23.704000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Notification - Embedded FTP Servers for Modicon",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
},
{
"title": "Multiple Schneider Electric Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79469"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-086-01"
},
{
"trust": 2.1,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-01/"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/103542"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7241"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7241"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39226"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"db": "VULHUB",
"id": "VHN-137273"
},
{
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"db": "BID",
"id": "103542"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "IVD",
"id": "e2e9e141-39ab-11e9-89d4-000c29342cb1"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137273"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103542"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"date": "2018-04-18T20:29:00.327000",
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06520"
},
{
"date": "2018-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-137273"
},
{
"date": "2018-12-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7241"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103542"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004278"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-999"
},
{
"date": "2024-11-21T04:11:51.557000",
"db": "NVD",
"id": "CVE-2018-7241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004278"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-999"
}
],
"trust": 0.6
}
}
var-201804-1335
Vulnerability from variot
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied. plural Schneider Electric The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. A remote attacker could exploit the vulnerability by sending a specially crafted request to cause a denial of service (crash)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp341000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric bmxnor0200",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric modicon m340 no",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric modicon quantum plc",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric bmxnor0200",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-825"
},
{
"db": "NVD",
"id": "CVE-2018-7759"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:140cpu31110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp341000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5724m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57104m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
}
]
},
"cve": "CVE-2018-7759",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7759",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11260",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137791",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7759",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7759",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7759",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-11260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-825",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137791",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"db": "VULHUB",
"id": "VHN-137791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-825"
},
{
"db": "NVD",
"id": "CVE-2018-7759"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by the length of the source string specified (instead of the buffer size) as the number of bytes to be copied. plural Schneider Electric The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. A remote attacker could exploit the vulnerability by sending a specially crafted request to cause a denial of service (crash)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7759"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137791"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7759",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-02",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201804-825",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-11260",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004489",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F26CC1-39AB-11E9-AF70-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137791",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"db": "VULHUB",
"id": "VHN-137791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-825"
},
{
"db": "NVD",
"id": "CVE-2018-7759"
}
]
},
"id": "VAR-201804-1335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"db": "VULHUB",
"id": "VHN-137791"
}
],
"trust": 1.79242425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11260"
}
]
},
"last_update_date": "2024-11-23T21:39:00.294000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-081-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-081-02+Modicon.pdf\u0026p_Doc_Ref=SEVD-2018-081-02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"db": "NVD",
"id": "CVE-2018-7759"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7759"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7759"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"db": "VULHUB",
"id": "VHN-137791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-825"
},
{
"db": "NVD",
"id": "CVE-2018-7759"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"db": "VULHUB",
"id": "VHN-137791"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-825"
},
{
"db": "NVD",
"id": "CVE-2018-7759"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137791"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"date": "2018-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-825"
},
{
"date": "2018-04-18T20:29:00.683000",
"db": "NVD",
"id": "CVE-2018-7759"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11260"
},
{
"date": "2018-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137791"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004489"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-825"
},
{
"date": "2024-11-21T04:12:40.943000",
"db": "NVD",
"id": "CVE-2018-7759"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-825"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004489"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e2f26cc1-39ab-11e9-af70-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-825"
}
],
"trust": 0.8
}
}
var-201804-1336
Vulnerability from variot
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. plural Schneider Electric The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. Security vulnerabilities exist in several Schneider Electric products. A remote attacker could exploit the vulnerability to execute arbitrary code by sending a specially crafted request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp341000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric bmxnor0200",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "140cpu65160c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5724m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5744mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412uc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5744m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5724mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412u",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160s",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-824"
},
{
"db": "NVD",
"id": "CVE-2018-7760"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:140cpu31110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp341000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5724m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57104m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
}
]
},
"cve": "CVE-2018-7760",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7760",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11259",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137792",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7760",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7760",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7760",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-11259",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-824",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137792",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"db": "VULHUB",
"id": "VHN-137792"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-824"
},
{
"db": "NVD",
"id": "CVE-2018-7760"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authorization bypass vulnerability exists in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. plural Schneider Electric The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. Security vulnerabilities exist in several Schneider Electric products. A remote attacker could exploit the vulnerability to execute arbitrary code by sending a specially crafted request",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7760"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"db": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137792"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7760",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-02",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2018-11259",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-824",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004490",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F245AE-39AB-11E9-8D5A-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137792",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"db": "VULHUB",
"id": "VHN-137792"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-824"
},
{
"db": "NVD",
"id": "CVE-2018-7760"
}
]
},
"id": "VAR-201804-1336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"db": "VULHUB",
"id": "VHN-137792"
}
],
"trust": 1.79242425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11259"
}
]
},
"last_update_date": "2024-11-23T21:39:00.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-081-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-081-02+Modicon.pdf\u0026p_Doc_Ref=SEVD-2018-081-02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137792"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"db": "NVD",
"id": "CVE-2018-7760"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7760"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7760"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"db": "VULHUB",
"id": "VHN-137792"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-824"
},
{
"db": "NVD",
"id": "CVE-2018-7760"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"db": "VULHUB",
"id": "VHN-137792"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-824"
},
{
"db": "NVD",
"id": "CVE-2018-7760"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "IVD",
"id": "e2f245ae-39ab-11e9-8d5a-000c29342cb1"
},
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137792"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"date": "2018-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-824"
},
{
"date": "2018-04-18T20:29:00.747000",
"db": "NVD",
"id": "CVE-2018-7760"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11259"
},
{
"date": "2018-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137792"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004490"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-824"
},
{
"date": "2024-11-21T04:12:41.097000",
"db": "NVD",
"id": "CVE-2018-7760"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-824"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004490"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-824"
}
],
"trust": 0.6
}
}
var-201804-1338
Vulnerability from variot
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow. plural Schneider Electric The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. An attacker could exploit the vulnerability to cause a denial of service (crash)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1338",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp341000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric bmxnor0200",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon premium",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric modicon m340 no",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric modicon quantum plc",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
},
{
"model": "electric bmxnor0200",
"scope": "eq",
"trust": 0.2,
"vendor": "schneider",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-822"
},
{
"db": "NVD",
"id": "CVE-2018-7762"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:140cpu31110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp341000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5724m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57104m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
}
]
},
"cve": "CVE-2018-7762",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7762",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11262",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137794",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7762",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7762",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7762",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-11262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-822",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137794",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"db": "VULHUB",
"id": "VHN-137794"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-822"
},
{
"db": "NVD",
"id": "CVE-2018-7762"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in the web services to process SOAP requests in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer overflow. plural Schneider Electric The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. An attacker could exploit the vulnerability to cause a denial of service (crash)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7762"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137794"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7762",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-02",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2018-11262",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-822",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004492",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F293CF-39AB-11E9-A773-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137794",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"db": "VULHUB",
"id": "VHN-137794"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-822"
},
{
"db": "NVD",
"id": "CVE-2018-7762"
}
]
},
"id": "VAR-201804-1338",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"db": "VULHUB",
"id": "VHN-137794"
}
],
"trust": 1.79242425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11262"
}
]
},
"last_update_date": "2024-11-23T21:39:00.405000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-081-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-081-02+Modicon.pdf\u0026p_Doc_Ref=SEVD-2018-081-02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137794"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"db": "NVD",
"id": "CVE-2018-7762"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7762"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7762"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"db": "VULHUB",
"id": "VHN-137794"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-822"
},
{
"db": "NVD",
"id": "CVE-2018-7762"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"db": "VULHUB",
"id": "VHN-137794"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-822"
},
{
"db": "NVD",
"id": "CVE-2018-7762"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137794"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"date": "2018-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-822"
},
{
"date": "2018-04-18T20:29:00.857000",
"db": "NVD",
"id": "CVE-2018-7762"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11262"
},
{
"date": "2018-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137794"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004492"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-822"
},
{
"date": "2024-11-21T04:12:41.390000",
"db": "NVD",
"id": "CVE-2018-7762"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-822"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Product buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004492"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e2f293cf-39ab-11e9-a773-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-822"
}
],
"trust": 0.8
}
}
var-201903-0642
Vulnerability from variot
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. plural Schneider Electric Modicon The product contains an input validation vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon M340 PLC is a medium-sized PLC platform for industrial processes and architectures. There are several security holes in the Modicon M340 PLC Station P34 module. Exploitation of these vulnerabilities could allow remote attackers to obtain sensitive information or execute arbitrary code on a web server, bypass authentication mechanisms, and access vulnerable devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0642",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340 plc station p34 module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnoc0401",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp342030h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnoe0100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnoe0110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnoe0110h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp342030",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "bmxp3420302",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoc0401_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0110h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342020_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342020h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342030_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp3420302_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp3420302h_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya K. Sood",
"sources": [
{
"db": "BID",
"id": "76327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6461",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2015-6461",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-05940",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05740",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "7c567132-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-84422",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2015-6461",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6461",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6461",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05940",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2015-05740",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-386",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84422",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page. plural Schneider Electric Modicon The product contains an input validation vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Schneider Electric Modicon M340 PLC is a medium-sized PLC platform for industrial processes and architectures. There are several security holes in the Modicon M340 PLC Station P34 module. Exploitation of these vulnerabilities could allow remote attackers to obtain sensitive information or execute arbitrary code on a web server, bypass authentication mechanisms, and access vulnerable devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6461"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "BID",
"id": "76327"
},
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84422"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6461",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-246-02",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386",
"trust": 1.1
},
{
"db": "BID",
"id": "76327",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2015-05740",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05940",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242",
"trust": 0.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-233-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "0ACA935A-1E69-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7C567132-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84422",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "BID",
"id": "76327"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"id": "VAR-201903-0642",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
}
],
"trust": 2.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
}
]
},
"last_update_date": "2024-11-23T22:30:07.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.se.com/jp/ja/"
},
{
"title": "Schneider Electric Modicon PLC file contains patches for vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63776"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-98",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-246-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6461"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6461"
},
{
"trust": 0.6,
"url": "http://download.schneider-electric.com/files?p_file_id=1039693246\u0026amp;p_file_name=sevd-2015-233-01.pdf"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/76327"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"db": "VULHUB",
"id": "VHN-84422"
},
{
"db": "BID",
"id": "76327"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-01T00:00:00",
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-11T00:00:00",
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"date": "2015-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-84422"
},
{
"date": "2015-08-12T00:00:00",
"db": "BID",
"id": "76327"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"date": "2015-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"date": "2019-03-21T19:29:00.267000",
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05940"
},
{
"date": "2015-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05740"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84422"
},
{
"date": "2015-11-03T19:30:00",
"db": "BID",
"id": "76327"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008242"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-386"
},
{
"date": "2024-11-21T02:35:00.673000",
"db": "NVD",
"id": "CVE-2015-6461"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC File contains vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05940"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "0aca935a-1e69-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7c567132-2351-11e6-abef-000c29c66e3d"
},
{
"db": "BID",
"id": "76327"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-386"
}
],
"trust": 1.3
}
}
var-201903-0624
Vulnerability from variot
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. plural Schneider Electric Modicon The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Multiple Schneider Electric Modicon M340 PLC products are prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Schneider Electric Modicon PLC BMXNOC0401 etc. are programmable controllers of French Schneider Electric (Schneider Electric). The following products are affected: Schneider Electric Modicon PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, BMXP3420303030
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0624",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoc0401",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0100",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnoe0110h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342020h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp342030",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp3420302h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "modicon m340 bmxp342030h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342030",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnor0200h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110h",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0110",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoe0100",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxnoc0401",
"scope": null,
"trust": 0.3,
"vendor": "schneider electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoc0401",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoc0401_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnoe0110h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342020_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342020h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp342030_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp3420302_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp3420302h_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya K. Sood and Juan Francisco Bolivar",
"sources": [
{
"db": "BID",
"id": "76613"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6462",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2015-6462",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-05939",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 3.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "7c549830-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-84423",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2015-6462",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6462",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6462",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05939",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-443",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84423",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. plural Schneider Electric Modicon The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Modicon PLC is a programmable controller product for the dam, energy, food agriculture and other industries. Multiple Schneider Electric Modicon M340 PLC products are prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Schneider Electric Modicon PLC BMXNOC0401 etc. are programmable controllers of French Schneider Electric (Schneider Electric). The following products are affected: Schneider Electric Modicon PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, BMXP3420303030",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6462"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-84423"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6462",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-246-02",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-05939",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241",
"trust": 0.8
},
{
"db": "SCHNEIDER",
"id": "SEVD-2015-233-01",
"trust": 0.6
},
{
"db": "BID",
"id": "76613",
"trust": 0.4
},
{
"db": "IVD",
"id": "7C549830-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84423",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"id": "VAR-201903-0624",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
}
],
"trust": 1.73333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
}
]
},
"last_update_date": "2024-11-23T22:30:07.838000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.se.com/jp/ja/"
},
{
"title": "Patch for Schneider Electric Modicon PLC Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63775"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-246-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6462"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6462"
},
{
"trust": 0.6,
"url": "http://download.schneider-electric.com/files?p_file_id=1039693246\u0026amp;p_file_name=sevd-2015-233-01.pdf"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/en/product-range/1468-modicon-m340/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"db": "VULHUB",
"id": "VHN-84423"
},
{
"db": "BID",
"id": "76613"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-84423"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76613"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"date": "2019-03-21T19:29:00.317000",
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05939"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84423"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76613"
},
{
"date": "2019-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008241"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-443"
},
{
"date": "2024-11-21T02:35:00.833000",
"db": "NVD",
"id": "CVE-2015-6462"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon PLC Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7c549830-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05939"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-443"
}
],
"trust": 0.6
}
}
var-201909-0047
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company.
Schneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnor0200h",
"scope": null,
"trust": 1.4,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "electric schneider electric bmxnor0200h ethernet/serial rtu module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-823"
},
{
"db": "NVD",
"id": "CVE-2019-6831"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
}
]
},
"cve": "CVE-2019-6831",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6831",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-25044",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158266",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6831",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6831",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6831",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6831",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25044",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-823",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158266",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6831",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"db": "VULHUB",
"id": "VHN-158266"
},
{
"db": "VULMON",
"id": "CVE-2019-6831"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-823"
},
{
"db": "NVD",
"id": "CVE-2019-6831"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company. \n\r\n\r\nSchneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6831"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"db": "VULHUB",
"id": "VHN-158266"
},
{
"db": "VULMON",
"id": "CVE-2019-6831"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6831",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-225-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-823",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-25044",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-044-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0526",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158266",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6831",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"db": "VULHUB",
"id": "VHN-158266"
},
{
"db": "VULMON",
"id": "CVE-2019-6831"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-823"
},
{
"db": "NVD",
"id": "CVE-2019-6831"
}
]
},
"id": "VAR-201909-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"db": "VULHUB",
"id": "VHN-158266"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25044"
}
]
},
"last_update_date": "2024-11-23T22:06:01.598000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-225-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-6831 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-6831"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158266"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"db": "NVD",
"id": "CVE-2019-6831"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-225-03/"
},
{
"trust": 1.8,
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6831"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6831"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-044-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0526/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/754.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-6831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"db": "VULHUB",
"id": "VHN-158266"
},
{
"db": "VULMON",
"id": "CVE-2019-6831"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-823"
},
{
"db": "NVD",
"id": "CVE-2019-6831"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"db": "VULHUB",
"id": "VHN-158266"
},
{
"db": "VULMON",
"id": "CVE-2019-6831"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-823"
},
{
"db": "NVD",
"id": "CVE-2019-6831"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158266"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6831"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"date": "2019-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-823"
},
{
"date": "2019-09-17T20:15:12.343000",
"db": "NVD",
"id": "CVE-2019-6831"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25044"
},
{
"date": "2019-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158266"
},
{
"date": "2022-09-03T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6831"
},
{
"date": "2019-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009523"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-823"
},
{
"date": "2024-11-21T04:47:14.383000",
"db": "NVD",
"id": "CVE-2019-6831"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-823"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BMXNOR0200H Ethernet / Serial RTU Vulnerability in module checking for exceptional conditions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009523"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-823"
}
],
"trust": 0.6
}
}
var-201706-0453
Vulnerability from variot
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. SchneiderElectricModiconM340PLC is a programmable controller product from Schneider Electric, France. A denial of service vulnerability exists in SchneiderElectricModiconM340PLC. A remote attacker could exploit this vulnerability to make the device unresponsive, resulting in a denial of service. The following versions are affected: Modicon M340 PLC BMXNOC0401 ; BMXNOE0100 ; BMXNOE0110 ; BMXNOE0110H ; BMXNOR0200H ; BMXP341000 ; BMXP342000 ; BMXP3420102 ; BMXP3420102CL ; BMXP342020 ; BMXP342020H ; BMXP342030 ; BMXP3420302 ; BMXP3420302H ; BMXP342030H
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0453",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnoe0100",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxnoe0110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxnoe0110h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxnoc0401",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342030",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342030h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "modicon m340 plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon m340 plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "bmxp342020",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp3420102cl",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp342000",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp3420302",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp3420302h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "m340 plc",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp342020h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp342030",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp342030h",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": "bmxp3420102",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoc0401",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342030h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0100",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnoe0110h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": "2.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": "2.8"
}
],
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:m340_plc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luis Francisco Martin Liras.",
"sources": [
{
"db": "BID",
"id": "96414"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6017",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03144",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-114220",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6017",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6017",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6017",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-03144",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-595",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114220",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover. SchneiderElectricModiconM340PLC is a programmable controller product from Schneider Electric, France. A denial of service vulnerability exists in SchneiderElectricModiconM340PLC. A remote attacker could exploit this vulnerability to make the device unresponsive, resulting in a denial of service. The following versions are affected: Modicon M340 PLC BMXNOC0401 ; BMXNOE0100 ; BMXNOE0110 ; BMXNOE0110H ; BMXNOR0200H ; BMXP341000 ; BMXP342000 ; BMXP3420102 ; BMXP3420102CL ; BMXP342020 ; BMXP342020H ; BMXP342030 ; BMXP3420302 ; BMXP3420302H ; BMXP342030H ",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6017"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "BID",
"id": "96414"
},
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "VULHUB",
"id": "VHN-114220"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6017",
"trust": 3.6
},
{
"db": "BID",
"id": "96414",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-054-03",
"trust": 2.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2017-048-02",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-03144",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159",
"trust": 0.8
},
{
"db": "IVD",
"id": "42F18207-58B3-4F72-AEE4-B1B10DA6E76D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114220",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "BID",
"id": "96414"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"id": "VAR-201706-0453",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
}
]
},
"last_update_date": "2024-11-23T22:56:12.246000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Modicon M340",
"trust": 0.8,
"url": "http://www.schneider-electric.com/en/product-range/1468-modicon-m340"
},
{
"title": "SchneiderElectricModiconM340PLC denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/90690"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-054-03"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96414"
},
{
"trust": 1.1,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2017-048-02/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6017"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6017"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "BID",
"id": "96414"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"db": "VULHUB",
"id": "VHN-114220"
},
{
"db": "BID",
"id": "96414"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-23T00:00:00",
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"date": "2017-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114220"
},
{
"date": "2017-02-23T00:00:00",
"db": "BID",
"id": "96414"
},
{
"date": "2017-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"date": "2017-06-30T03:29:00.233000",
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03144"
},
{
"date": "2018-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-114220"
},
{
"date": "2017-03-07T03:09:00",
"db": "BID",
"id": "96414"
},
{
"date": "2017-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005159"
},
{
"date": "2017-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-595"
},
{
"date": "2024-11-21T03:28:54.620000",
"db": "NVD",
"id": "CVE-2017-6017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Modicon M340 PLC Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "42f18207-58b3-4f72-aee4-b1b10da6e76d"
},
{
"db": "CNVD",
"id": "CNVD-2017-03144"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-595"
}
],
"trust": 0.6
}
}
var-201804-1337
Vulnerability from variot
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. plural Schneider Electric The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. The HTTP request parser is one of the HTTP request parsers. A remote attacker can exploit this vulnerability to execute arbitrary code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxp341000",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum plc",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric bmxnor0200",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "bmxp341000",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "140cpu65160c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5724m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5744mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412uc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5744m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5724mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412u",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160s",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-823"
},
{
"db": "NVD",
"id": "CVE-2018-7761"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:140cpu31110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxp341000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxh5724m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:tsxp57104m_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
}
]
},
"cve": "CVE-2018-7761",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7761",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11261",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137793",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7761",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7761",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7761",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-11261",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-823",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137793",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"db": "VULHUB",
"id": "VHN-137793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-823"
},
{
"db": "NVD",
"id": "CVE-2018-7761"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability exists in the HTTP request parser in Schneider Electric\u0027s Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. plural Schneider Electric The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. The HTTP request parser is one of the HTTP request parsers. A remote attacker can exploit this vulnerability to execute arbitrary code",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7761"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137793"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7761",
"trust": 3.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-02",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201804-823",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-11261",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004491",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F26CC0-39AB-11E9-B2F8-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137793",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"db": "VULHUB",
"id": "VHN-137793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-823"
},
{
"db": "NVD",
"id": "CVE-2018-7761"
}
]
},
"id": "VAR-201804-1337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"db": "VULHUB",
"id": "VHN-137793"
}
],
"trust": 1.79242425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11261"
}
]
},
"last_update_date": "2024-11-23T21:39:00.367000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-081-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2018-081-02+Modicon.pdf\u0026p_Doc_Ref=SEVD-2018-081-02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"db": "NVD",
"id": "CVE-2018-7761"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-02/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7761"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7761"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"db": "VULHUB",
"id": "VHN-137793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-823"
},
{
"db": "NVD",
"id": "CVE-2018-7761"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"db": "VULHUB",
"id": "VHN-137793"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-823"
},
{
"db": "NVD",
"id": "CVE-2018-7761"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137793"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"date": "2018-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-823"
},
{
"date": "2018-04-18T20:29:00.793000",
"db": "NVD",
"id": "CVE-2018-7761"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11261"
},
{
"date": "2018-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137793"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004491"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-823"
},
{
"date": "2024-11-21T04:12:41.250000",
"db": "NVD",
"id": "CVE-2018-7761"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-823"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004491"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "e2f26cc0-39ab-11e9-b2f8-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-823"
}
],
"trust": 0.8
}
}
var-201909-0042
Vulnerability from variot
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and BMXNOR0200H Ethernet/Serial RTU module are products of Schneider Electric (France). Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module.
Schneider Electric BMXNOR0200H Ethernet/Serial RTU module and Modicon M340 controller have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric schneider electric bmxnor0200h ethernet/serial rtu module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:modicon_m340_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
}
]
},
"cve": "CVE-2019-6813",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-6813",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-25045",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-158248",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-6813",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6813",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6813",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6813",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25045",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-819",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158248",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and BMXNOR0200H Ethernet/Serial RTU module are products of Schneider Electric (France). Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module. \n\r\n\r\nSchneider Electric BMXNOR0200H Ethernet/Serial RTU module and Modicon M340 controller have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6813"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6813",
"trust": 3.1
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-225-03",
"trust": 2.3
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-225-02",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-25045",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-044-01",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0526",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158248",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"id": "VAR-201909-0042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
}
]
},
"last_update_date": "2024-11-23T22:06:01.633000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-225-02",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-02/"
},
{
"title": "SEVD-2019-225-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-754",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-225-03/"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-225-02/"
},
{
"trust": 1.7,
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6813"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6813"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-044-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0526/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"db": "VULHUB",
"id": "VHN-158248"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158248"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"date": "2019-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"date": "2019-09-17T20:15:12",
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25045"
},
{
"date": "2019-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158248"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009446"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-819"
},
{
"date": "2024-11-21T04:47:12.570000",
"db": "NVD",
"id": "CVE-2019-6813"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Vulnerabilities related to exceptional state checking",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009446"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-819"
}
],
"trust": 0.6
}
}
var-201804-1269
Vulnerability from variot
Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. plural Schneider Electric The product contains a vulnerability related to cryptographic strength.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\Modicon Quantum\Modicon M340\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a weak encryption algorithm vulnerability that stems from the fact that the FTP server does not limit the length of the command parameters, which can cause buffer overflows. Multiple Schneider Electric Modicon products are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tsxp57554m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724m",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57554mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634mc",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57254m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp575634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57454m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp573634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57104m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57304mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57354m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160s",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65160c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5744m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57154mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp571634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65260c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65860",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412uc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu43412u",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp574634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420302",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxh5724mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp341000",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp342020",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634mc",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu65150",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102cl",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp57204m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp572634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 bmxp3420102",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "140cpu31110c",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "tsxp576634m",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": null
},
{
"model": "bmxnor0200",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m340 pac",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon premium plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon quantum plc",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric modicon premium",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon quantum",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon m340",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
},
{
"model": "electric modicon rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "x80"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "140cpu65160c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5724m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "tsxh5744mc",
"version": null
},
{
"model": "modicon quantum",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon premium",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon m340",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "modicon bmxnor0200",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412uc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxnor0200h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420102cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302cl",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp3420302h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp342020h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bmxp341000h",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5744m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65150",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu31110",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxh5724mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57104mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57154mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp571634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57204mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57254mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp572634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu43412u",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57304mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57354mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp573634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57454mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp574634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp575634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp576634mc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tsxp57554m",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65260",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65860",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "140cpu65160s",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:bmxnor0200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_m340",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_premium",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:modicon_quantum_plc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nikita Maximov (Positive Technologies)",
"sources": [
{
"db": "BID",
"id": "103543"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-7242",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-06519",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-137274",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7242",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-7242",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-7242",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06519",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-1000",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-137274",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerable hash algorithms exists in Schneider Electric\u0027s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks. plural Schneider Electric The product contains a vulnerability related to cryptographic strength.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric Modicon Premium\\\\Modicon Quantum\\\\Modicon M340\\\\Modicon BMXNOR0200 is a programmable controller product from Schneider Electric, France. A number of Schneider Electric products have a weak encryption algorithm vulnerability that stems from the fact that the FTP server does not limit the length of the command parameters, which can cause buffer overflows. Multiple Schneider Electric Modicon products are prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7242"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-137274"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7242",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-086-01",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-081-01",
"trust": 2.0
},
{
"db": "BID",
"id": "103543",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-06519",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "39225",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2EA2F5E-39AB-11E9-890E-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-137274",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"id": "VAR-201804-1269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
}
],
"trust": 1.7565656666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
}
]
},
"last_update_date": "2024-11-23T22:45:23.622000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Notification - Embedded FTP Servers for Modicon",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-081-01/"
},
{
"title": "Multiple Schneider Electric Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79470"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-086-01"
},
{
"trust": 2.0,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-081-01/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/103543"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7242"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7242"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39225"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"db": "VULHUB",
"id": "VHN-137274"
},
{
"db": "BID",
"id": "103543"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "IVD",
"id": "e2ea2f5e-39ab-11e9-890e-000c29342cb1"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-137274"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103543"
},
{
"date": "2018-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"date": "2018-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"date": "2018-04-18T20:29:00.373000",
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06519"
},
{
"date": "2018-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-137274"
},
{
"date": "2018-03-22T00:00:00",
"db": "BID",
"id": "103543"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004279"
},
{
"date": "2018-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-1000"
},
{
"date": "2024-11-21T04:11:51.740000",
"db": "NVD",
"id": "CVE-2018-7242"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Schneider Electric Vulnerability related to cryptographic strength in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004279"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-1000"
}
],
"trust": 0.6
}
}
var-201909-0040
Vulnerability from variot
CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. BMXNOR0200H Ethernet / Serial RTU The module contains an unauthorized authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company.
Schneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bmxnor0200h",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "*"
},
{
"model": "bmxnor0200h",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "electric schneider electric bmxnor0200h ethernet/serial rtu module",
"scope": null,
"trust": 0.6,
"vendor": "schneider",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"db": "NVD",
"id": "CVE-2019-6810"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:schneider_electric:bmxnor0200h_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
}
]
},
"cve": "CVE-2019-6810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-6810",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-25046",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-158245",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6810",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6810",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6810",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-6810",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-816",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158245",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-6810",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"db": "VULHUB",
"id": "VHN-158245"
},
{
"db": "VULMON",
"id": "CVE-2019-6810"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-816"
},
{
"db": "NVD",
"id": "CVE-2019-6810"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. BMXNOR0200H Ethernet / Serial RTU The module contains an unauthorized authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company. \n\r\n\r\nSchneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6810"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"db": "VULHUB",
"id": "VHN-158245"
},
{
"db": "VULMON",
"id": "CVE-2019-6810"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6810",
"trust": 3.2
},
{
"db": "SCHNEIDER",
"id": "SEVD-2019-225-03",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009444",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-816",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-25046",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0526",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-044-01",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158245",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-6810",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"db": "VULHUB",
"id": "VHN-158245"
},
{
"db": "VULMON",
"id": "CVE-2019-6810"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-816"
},
{
"db": "NVD",
"id": "CVE-2019-6810"
}
]
},
"id": "VAR-201909-0040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"db": "VULHUB",
"id": "VHN-158245"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25046"
}
]
},
"last_update_date": "2024-11-23T22:06:01.665000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2019-225-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-225-03/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158245"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"db": "NVD",
"id": "CVE-2019-6810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2019-225-03/"
},
{
"trust": 1.8,
"url": "https://security.cse.iitk.ac.in/responsible-disclosure"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6810"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6810"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-044-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0526/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"db": "VULHUB",
"id": "VHN-158245"
},
{
"db": "VULMON",
"id": "CVE-2019-6810"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-816"
},
{
"db": "NVD",
"id": "CVE-2019-6810"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"db": "VULHUB",
"id": "VHN-158245"
},
{
"db": "VULMON",
"id": "CVE-2019-6810"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-816"
},
{
"db": "NVD",
"id": "CVE-2019-6810"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-158245"
},
{
"date": "2019-09-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6810"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"date": "2019-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-816"
},
{
"date": "2019-09-17T20:15:11.860000",
"db": "NVD",
"id": "CVE-2019-6810"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25046"
},
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-158245"
},
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-6810"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009444"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-816"
},
{
"date": "2024-11-21T04:47:12.243000",
"db": "NVD",
"id": "CVE-2019-6810"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-816"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BMXNOR0200H Ethernet / Serial RTU Incorrect authentication vulnerability in module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-816"
}
],
"trust": 0.6
}
}
cve-2024-12142
Vulnerability from cvelistv5
Published
2025-01-17 10:19
Modified
2025-02-12 16:51
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS score ?
Summary
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could
cause information disclosure of restricted web page, modification of web page and denial of
service when specific web pages are modified and restricted functions are invoked.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Schneider Electric | Modicon M340 processors (part numbers BMXP34*) |
Version: All versions |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T13:18:13.025284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:51:46.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Modicon M340 processors (part numbers BMXP34*)",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BMXNOE0100",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BMXNOE0110",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BMXNOR0200H",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to SV1.70IR26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could\ncause information disclosure of restricted web page, modification of web page and denial of\nservice when specific web pages are modified and restricted functions are invoked.\n\n\u003cbr\u003e"
}
],
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could\ncause information disclosure of restricted web page, modification of web page and denial of\nservice when specific web pages are modified and restricted functions are invoked."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T10:19:11.768Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-05.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2024-12142",
"datePublished": "2025-01-17T10:19:11.768Z",
"dateReserved": "2024-12-04T11:14:37.294Z",
"dateUpdated": "2025-02-12T16:51:46.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}