Vulnerabilites related to schneider-electric - modicon_quantum_plc
cve-2012-0929
Vulnerability from cvelistv5
Published
2012-01-28 01:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51605 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47723 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72588 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72589 | vdb-entry, x_refsource_XF | |
| https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-http-dos(72588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72588"
},
{
"name": "schneider-modicon-ftp-dos(72589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T14:00:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-http-dos(72588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72588"
},
{
"name": "schneider-modicon-ftp-dos(72589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-http-dos(72588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72588"
},
{
"name": "schneider-modicon-ftp-dos(72589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
},
{
"name": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0929",
"datePublished": "2012-01-28T01:00:00",
"dateReserved": "2012-01-27T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0931
Vulnerability from cvelistv5
Published
2012-01-28 01:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51605 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47723 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72586 | vdb-entry, x_refsource_XF | |
| https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-unity-dos(72586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72586"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T14:04:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-unity-dos(72586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72586"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-unity-dos(72586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72586"
},
{
"name": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0931",
"datePublished": "2012-01-28T01:00:00",
"dateReserved": "2012-01-27T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0664
Vulnerability from cvelistv5
Published
2013-04-04 10:00
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-04T10:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"name": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0664",
"datePublished": "2013-04-04T10:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:30:03.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0930
Vulnerability from cvelistv5
Published
2012-01-28 01:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/51605 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47723 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72590 | vdb-entry, x_refsource_XF | |
| https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-unspec-xss(72590)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T14:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-unspec-xss(72590)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"name": "51605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51605"
},
{
"name": "47723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47723"
},
{
"name": "schneider-modicon-unspec-xss(72590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72590"
},
{
"name": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0930",
"datePublished": "2012-01-28T01:00:00",
"dateReserved": "2012-01-27T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0663
Vulnerability from cvelistv5
Published
2013-04-04 10:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/44678/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/ | x_refsource_CONFIRM | |
| http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44678",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44678/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "44678",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44678/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44678",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44678/"
},
{
"name": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"name": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0663",
"datePublished": "2013-04-04T10:00:00",
"dateReserved": "2012-12-19T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-01-28 01:55
Modified
2024-11-21 01:35
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | modicon_quantum_plc | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2B3D6F-F83D-4778-9C5F-6BB6131FA78D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en PLCs Modicon Quantum de Schneider Electric permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-0930",
"lastModified": "2024-11-21T01:35:59.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-01-28T01:55:01.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47723"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72590"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-04 11:58
Modified
2024-11-21 01:47
Severity ?
Summary
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | modicon_quantum_plc | 140noe77111 | |
| schneider-electric | modicon_quantum_plc | 140nwm10000 | |
| schneider-electric | modicon_m340 | bmxnoe0110x | |
| schneider-electric | modicon_premium | tsxety5103 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77111:*:*:*:*:*:*:*",
"matchCriteriaId": "56FB594F-638A-4E8B-9072-475E64CDE999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140nwm10000:*:*:*:*:*:*:*",
"matchCriteriaId": "AD53FEBF-FF81-4563-B80C-CE67ABDA233B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe0110x:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D7BD5-2273-41E1-A446-4F7729003381",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxety5103:*:*:*:*:*:*:*",
"matchCriteriaId": "D7579763-6663-41F7-A162-5FEBA9A9CE70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests."
},
{
"lang": "es",
"value": "El servicio FactoryCast en los m\u00f3dulos Electric Quantum 140NOE77111 y 140NWM10000, M340 BMXNOE0110x, y Premium TSXETY5103 PLC , permite a usuarios autenticados remotamente el env\u00edo de mensajes Modbus, y por consiguiente la ejecuci\u00f3n de c\u00f3digo arbitrario embebiendo estos mensajes en peticiones SOAP HTTP POST."
}
],
"id": "CVE-2013-0664",
"lastModified": "2024-11-21T01:47:58.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-04T11:58:49.823",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-04-04 11:58
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | modicon_quantum_plc | 140noe77101 | |
| schneider-electric | modicon_quantum_plc | 140noe77111 | |
| schneider-electric | modicon_quantum_plc | 140nwm10000 | |
| schneider-electric | modicon_m340 | bmxnoc0401 | |
| schneider-electric | modicon_m340 | bmxnoe011xx | |
| schneider-electric | modicon_m340 | bmxnoe0100x | |
| schneider-electric | modicon_premium | tsxety4103 | |
| schneider-electric | modicon_premium | tsxety5103 | |
| schneider-electric | modicon_premium | tsxwmy100 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77101:*:*:*:*:*:*:*",
"matchCriteriaId": "18705050-B954-4AB9-A8D0-BDCB09A9839A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140noe77111:*:*:*:*:*:*:*",
"matchCriteriaId": "56FB594F-638A-4E8B-9072-475E64CDE999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:140nwm10000:*:*:*:*:*:*:*",
"matchCriteriaId": "AD53FEBF-FF81-4563-B80C-CE67ABDA233B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoc0401:*:*:*:*:*:*:*",
"matchCriteriaId": "00C02342-50B0-4883-9430-9CAB7968081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe011xx:*:*:*:*:*:*:*",
"matchCriteriaId": "21E85599-1298-4B8C-8255-42D165F905F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340:bmxnoe0100x:*:*:*:*:*:*:*",
"matchCriteriaId": "1F41B43D-038F-4775-A1BB-486918806E7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxety4103:*:*:*:*:*:*:*",
"matchCriteriaId": "FEEA7CF9-59A9-4B40-9E20-F179D40815C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxety5103:*:*:*:*:*:*:*",
"matchCriteriaId": "D7579763-6663-41F7-A162-5FEBA9A9CE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_premium:tsxwmy100:*:*:*:*:*:*:*",
"matchCriteriaId": "42C34DAA-D856-4E59-A98F-2DF47E600612",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en los m\u00f3dulos Schneider Electric Quantum 140NOE77111, 140NOE77101, y 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, y BMXNOE011xx; y Premium TSXETY4103, TSXETY5103, y TSXWMY100 PLC, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios para peticiones que ejecutan comandos, como se ha demostrado mediante la modificaci\u00f3n de de peticiones HTTP."
}
],
"id": "CVE-2013-0663",
"lastModified": "2024-11-21T01:47:58.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-04T11:58:48.687",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.exploit-db.com/exploits/44678/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf\u0026reference=SEVD-2013-023-01\u0026docType=Technical-paper"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/44678/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-28 01:55
Modified
2024-11-21 01:35
Severity ?
Summary
Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | modicon_quantum_plc | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2B3D6F-F83D-4778-9C5F-6BB6131FA78D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en los PLCs \u0027Modicon Quantum\u0027 de Schneider Electric\r\npermiten a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de solicitudes mal formadas al (1) servidor FTP o (2) al servidor HTTP."
}
],
"id": "CVE-2012-0929",
"lastModified": "2024-11-21T01:35:59.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-01-28T01:55:01.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47723"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72588"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-28 01:55
Modified
2024-11-21 01:35
Severity ?
Summary
Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | modicon_quantum_plc | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_quantum_plc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2B3D6F-F83D-4778-9C5F-6BB6131FA78D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Schneider Electric Modicon Quantum PLC no autentica la conexi\u00f3n entre el software de la unidad y el PLC, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-0931",
"lastModified": "2024-11-21T01:35:59.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-01-28T01:55:01.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47723"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72586"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/47723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/51605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}