Vulnerabilites related to schneider-electric - tsxety5103
cve-2020-7533
Vulnerability from cvelistv5
Published
2020-12-01 14:47
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-287-01/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) |
Version: Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "CWE-255: Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T14:47:02",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255: Credentials Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7533",
"datePublished": "2020-12-01T14:47:02",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0754
Vulnerability from cvelistv5
Published
2014-10-03 18:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/70193 | vdb-entry, x_refsource_BID | |
| https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01 | x_refsource_MISC | |
| http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70193",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70193"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T17:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "70193",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70193"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70193"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"name": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf",
"refsource": "CONFIRM",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0754",
"datePublished": "2014-10-03T18:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7540
Vulnerability from cvelistv5
Published
2020-12-11 00:52
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-343-04/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
Version: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T00:52:03",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"version": {
"version_data": [
{
"version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7540",
"datePublished": "2020-12-11T00:52:03",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7534
Vulnerability from cvelistv5
Published
2022-02-04 22:29
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)
References
| ▼ | URL | Tags |
|---|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) |
Version: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:36",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103)",
"version": {
"version_data": [
{
"version_value": "Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7534",
"datePublished": "2022-02-04T22:29:36",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7539
Vulnerability from cvelistv5
Published
2020-12-11 00:51
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-343-03/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
Version: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T00:51:57",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"version": {
"version_data": [
{
"version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7539",
"datePublished": "2020-12-11T00:51:57",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7541
Vulnerability from cvelistv5
Published
2020-12-11 00:52
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-343-03/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
Version: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T00:52:09",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"version": {
"version_data": [
{
"version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7541",
"datePublished": "2020-12-11T00:52:09",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22787
Vulnerability from cvelistv5
Published
2022-02-11 17:40
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
| ▼ | URL | Tags |
|---|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) |
Version: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T17:40:32",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22787",
"datePublished": "2022-02-11T17:40:32",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7549
Vulnerability from cvelistv5
Published
2020-12-11 00:52
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-343-06/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
Version: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T00:52:26",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"version": {
"version_data": [
{
"version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7549",
"datePublished": "2020-12-11T00:52:26",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22785
Vulnerability from cvelistv5
Published
2022-02-11 17:40
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
| ▼ | URL | Tags |
|---|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) |
Version: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T17:40:31",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22785",
"datePublished": "2022-02-11T17:40:31",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22788
Vulnerability from cvelistv5
Published
2022-02-11 17:40
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
| ▼ | URL | Tags |
|---|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) |
Version: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T17:40:33",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22788",
"datePublished": "2022-02-11T17:40:33",
"dateReserved": "2021-01-06T00:00:00",
"dateUpdated": "2024-08-03T18:51:07.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7535
Vulnerability from cvelistv5
Published
2020-12-11 00:51
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-343-05/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
Version: Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-11T00:51:37",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
"version": {
"version_data": [
{
"version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7535",
"datePublished": "2020-12-11T00:51:37",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-02-11 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "866BFE7D-D688-40B1-B6E9-B140529001C3",
"versionEndExcluding": "3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00817A-E140-418F-93AB-A9B516F090A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F33A35-37ED-41AD-94A2-34FEA8E7259B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF0DA3B-F89B-487D-AAE6-AEA88E28055A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnor0200h_rtu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9318D16-AA6D-4DE4-B812-D995B291E802",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnor0200h_rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D792EDB-A93E-495B-AF0A-486C9AC6BACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8048EA69-8FC8-4415-BA20-D2813F8BD83D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe771x1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1468EBB2-8AD8-4886-B4A9-13D1F34EFD8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe771x1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EFD78F-DB37-4407-A91C-9D01FA9CAF2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78x00_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E80811-AE57-4B01-B3D5-4B346A9F3D8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78x00:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4A72EA-E15A-4C31-B0F3-6B9EB48A09B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10B16121-8DC3-4EA1-AC7B-D611A1C3C9A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "066E3E6C-8A0E-4360-A4ED-32A84B7647FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
},
{
"lang": "es",
"value": "Una CWE-200: Se presenta una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n que podr\u00eda causar un filtrado de informaci\u00f3n confidencial de archivos ubicados en el directorio root de la web cuando un atacante env\u00eda una petici\u00f3n HTTP al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), M\u00f3dulos de Comunicaci\u00f3n Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones)"
}
],
"id": "CVE-2021-22785",
"lastModified": "2024-11-21T05:50:39.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T18:15:08.947",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 01:15
Modified
2024-11-21 05:37
Severity ?
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C045040-20CA-488D-A36D-A433754A33E8",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33A381-6772-4137-A677-5F73EA398FF6",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "181826EC-4E4E-4EE2-A729-6823843E6CA8",
"versionEndExcluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA60BB0-1725-45E7-9191-0D300EB05082",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC49273-1C5D-4E0E-B484-0269CDA4E655",
"versionEndExcluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8048EA69-8FC8-4415-BA20-D2813F8BD83D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD78FFA-3F5F-43DA-979D-42B0673C36D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A62DEBF-6343-48BB-835C-64AE9D8F956A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D11C9B98-3119-41CF-8320-447E7E00977E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1067FDEA-33BC-4AA9-AC5B-099BA757065B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10B16121-8DC3-4EA1-AC7B-D611A1C3C9A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "066E3E6C-8A0E-4360-A4ED-32A84B7647FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027 Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP."
},
{
"lang": "es",
"value": "Una CWE-22: Se presenta una vulnerabilidad de Limitaci\u00f3n Inapropiada de un Nombre de Ruta a un Directorio Restringido (Tipo de Vulnerabilidad \"Path Traversal\") en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y M\u00f3dulos de Comunicaci\u00f3n asociados (consulte la notificaci\u00f3n de seguridad para las versiones afectadas ), que podr\u00eda causar la divulgaci\u00f3n de informaci\u00f3n cuando se env\u00eda una petici\u00f3n especialmente dise\u00f1ada hacia el controlador a trav\u00e9s de HTTP"
}
],
"id": "CVE-2020-7535",
"lastModified": "2024-11-21T05:37:19.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T01:15:12.127",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 01:15
Modified
2024-11-21 05:37
Severity ?
Summary
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCDF059-40BF-4A32-9932-A7A744E6F295",
"versionEndExcluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E001828-1A7D-4C8B-95FC-046652D3EF07",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "887976CC-8244-4D86-9941-BA82BC1AB6C2",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D112F4-50CB-4EFE-B0EA-43A732A22283",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB6318A-9AEF-4C9D-9678-05208026AC8A",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C093ECB-B977-4346-9E0E-DC30DD762055",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F419FC54-72D9-488F-9B0F-C12CEA213089",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4570480E-3787-4263-AB51-8AD0B62969CB",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD74F63-7BA1-498F-977F-FCA90B5968AA",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1067FDEA-33BC-4AA9-AC5B-099BA757065B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD80E512-2D78-4375-8DBB-D12E5F0AF484",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8F733-513D-458A-A1ED-849A3DE8F5FD",
"versionEndExcluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service vulnerability when a specially crafted packet is sent to the controller over HTTP."
},
{
"lang": "es",
"value": "Una CWE-754: Se presenta una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y M\u00f3dulos de Comunicaci\u00f3n asociados (consulte la notificaci\u00f3n de seguridad para las versiones afectadas), que podr\u00eda causar una vulnerabilidad de denegaci\u00f3n de servicio cuando un paquete especialmente dise\u00f1ado es enviado hacia el controlador a trav\u00e9s de HTTP"
}
],
"id": "CVE-2020-7539",
"lastModified": "2024-11-21T05:37:20.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T01:15:12.313",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-01 15:15
Modified
2024-11-21 05:37
Severity ?
Summary
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC91F3A5-7032-45DD-8897-0A63FDD25550",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9F5C74-1CF8-47E8-B3AB-2F87FCD25D28",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "486E0121-1C3B-4EDC-9D76-292648A96764",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCDF059-40BF-4A32-9932-A7A744E6F295",
"versionEndExcluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E001828-1A7D-4C8B-95FC-046652D3EF07",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "887976CC-8244-4D86-9941-BA82BC1AB6C2",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D112F4-50CB-4EFE-B0EA-43A732A22283",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB6318A-9AEF-4C9D-9678-05208026AC8A",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C093ECB-B977-4346-9E0E-DC30DD762055",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4570480E-3787-4263-AB51-8AD0B62969CB",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD80E512-2D78-4375-8DBB-D12E5F0AF484",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8F733-513D-458A-A1ED-849A3DE8F5FD",
"versionEndExcluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "329D4136-B86E-451A-8FF3-7722265889E1",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests."
},
{
"lang": "es",
"value": "Una CWE-255: Se presenta una vulnerabilidad Administraci\u00f3n de Credenciales en el Servidor Web en Modicon M340, Modicon Quantum y ofertas ModiconPremium Legacy y sus M\u00f3dulos de Comunicaci\u00f3n (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda causar una ejecuci\u00f3n de comandos en el servidor web sin autenticaci\u00f3n cuando se env\u00eda peticiones HTTP dise\u00f1adas"
}
],
"id": "CVE-2020-7533",
"lastModified": "2024-11-21T05:37:19.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.190",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 01:15
Modified
2024-11-21 05:37
Severity ?
Summary
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCDF059-40BF-4A32-9932-A7A744E6F295",
"versionEndExcluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E001828-1A7D-4C8B-95FC-046652D3EF07",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "887976CC-8244-4D86-9941-BA82BC1AB6C2",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D112F4-50CB-4EFE-B0EA-43A732A22283",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB6318A-9AEF-4C9D-9678-05208026AC8A",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C093ECB-B977-4346-9E0E-DC30DD762055",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F419FC54-72D9-488F-9B0F-C12CEA213089",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4570480E-3787-4263-AB51-8AD0B62969CB",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD74F63-7BA1-498F-977F-FCA90B5968AA",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1067FDEA-33BC-4AA9-AC5B-099BA757065B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD80E512-2D78-4375-8DBB-D12E5F0AF484",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8F733-513D-458A-A1ED-849A3DE8F5FD",
"versionEndExcluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-425: Direct Request (\u0027Forced Browsing\u0027) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP."
},
{
"lang": "es",
"value": "Una CWE-425: Se presenta una vulnerabilidad Petici\u00f3n Directa (\"Forced Browsing\") en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y M\u00f3dulos de Comunicaci\u00f3n asociados (consulte la notificaci\u00f3n de seguridad para las versiones afectadas), que podr\u00eda causar una divulgaci\u00f3n de datos confidenciales cuando se env\u00eda una petici\u00f3n especialmente dise\u00f1ada hacia el controlador a trav\u00e9s de HTTP"
}
],
"id": "CVE-2020-7541",
"lastModified": "2024-11-21T05:37:20.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T01:15:12.457",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-11 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "866BFE7D-D688-40B1-B6E9-B140529001C3",
"versionEndExcluding": "3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00817A-E140-418F-93AB-A9B516F090A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F33A35-37ED-41AD-94A2-34FEA8E7259B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF0DA3B-F89B-487D-AAE6-AEA88E28055A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnor0200h_rtu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9318D16-AA6D-4DE4-B812-D995B291E802",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnor0200h_rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D792EDB-A93E-495B-AF0A-486C9AC6BACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8048EA69-8FC8-4415-BA20-D2813F8BD83D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe771x1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1468EBB2-8AD8-4886-B4A9-13D1F34EFD8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe771x1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EFD78F-DB37-4407-A91C-9D01FA9CAF2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78x00_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E80811-AE57-4B01-B3D5-4B346A9F3D8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78x00:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4A72EA-E15A-4C31-B0F3-6B9EB48A09B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10B16121-8DC3-4EA1-AC7B-D611A1C3C9A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "066E3E6C-8A0E-4360-A4ED-32A84B7647FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
},
{
"lang": "es",
"value": "Una CWE-787: Se presenta una vulnerabilidad de Escritura Fuera de L\u00edmites que podr\u00eda causar una denegaci\u00f3n de servicio cuando un atacante env\u00eda una petici\u00f3n HTTP especialmente dise\u00f1ada al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), M\u00f3dulos de Comunicaci\u00f3n Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones)"
}
],
"id": "CVE-2021-22788",
"lastModified": "2024-11-21T05:50:40.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T18:15:09.057",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 01:15
Modified
2024-11-21 05:37
Severity ?
Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCDF059-40BF-4A32-9932-A7A744E6F295",
"versionEndExcluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E001828-1A7D-4C8B-95FC-046652D3EF07",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F72DC31C-3FF4-416C-BCD7-5F78EE066907",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA60BB0-1725-45E7-9191-0D300EB05082",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4570480E-3787-4263-AB51-8AD0B62969CB",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F419FC54-72D9-488F-9B0F-C12CEA213089",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7A5C7B-9DBA-47CB-B7D4-70184AEBC684",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD80E512-2D78-4375-8DBB-D12E5F0AF484",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD74F63-7BA1-498F-977F-FCA90B5968AA",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1067FDEA-33BC-4AA9-AC5B-099BA757065B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8F733-513D-458A-A1ED-849A3DE8F5FD",
"versionEndExcluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D112F4-50CB-4EFE-B0EA-43A732A22283",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB6318A-9AEF-4C9D-9678-05208026AC8A",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C093ECB-B977-4346-9E0E-DC30DD762055",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "887976CC-8244-4D86-9941-BA82BC1AB6C2",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnor200h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "916E21A9-E841-496D-84DB-A6427A300FD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnor200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61020CA2-94D2-461F-B103-5A4985AE438E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."
},
{
"lang": "es",
"value": "Una CWE-306: Se presenta una vulnerabilidad de Falta Autenticaci\u00f3n para la Funci\u00f3n Cr\u00edtica en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y Modicon Premium y M\u00f3dulos de Comunicaci\u00f3n asociados (consulte la notificaci\u00f3n de seguridad para las versiones afectadas), que podr\u00eda causar una ejecuci\u00f3n de comandos no autenticados en el controlador cuando se env\u00edan peticiones HTTP especiales"
}
],
"id": "CVE-2020-7540",
"lastModified": "2024-11-21T05:37:20.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T01:15:12.377",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-03 18:55
Modified
2024-11-21 02:02
Severity ?
Summary
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf | Patch, Vendor Advisory | |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/70193 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70193 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:stbnic2212_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAE6F21-BEF7-45F5-A1E1-F52081802FA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:stbnic2212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28F0530E-5EBD-4869-A905-08078F8EEA3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:stbnip2212_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB7B706-757E-42CB-97A2-5927B131C61D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:stbnip2212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5BEE833-EA1E-4225-977C-089FD4BA8CF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxetc0101_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0258629-6C04-47D0-8C59-7BE73815603C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxetc0101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB523276-7B3E-4A3A-9070-F27D6967A7AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxetc100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A29F8D41-171E-41BE-B294-0F2317125445",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxetc100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC740EFF-A38E-4CFA-BF98-16C6C5CE4615",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp573623mc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE52740-710B-4584-A600-5B45E9A90076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp573623mc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63796B37-8350-49DC-8F14-9E212830C86C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety110ws_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DCF9C9-8F9A-414C-AAB9-69F5459F0719",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety110ws:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DCD9-D224-4B25-82CC-2D4716762490",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D634770-DB1F-43EF-AD2C-9351BD92D3BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE60505D-0211-4E8C-B32C-988E25698B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety110wsc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73C3399E-2B28-4CF8-9356-C871ABD689C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety110wsc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D63BE6-86E4-4FF7-99DF-C76BB7FFFB7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574823am_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C772ACA-2B12-41C5-A805-58F5A1B1EE0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574823am:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAB0C0E-F4AF-4C20-A301-82A03994C86A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A27D7568-6D5A-4AA5-8D4E-800B15BE1B6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574823m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952314A3-D111-4AC5-B74B-FC849AE21E9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574823m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0A998-2761-4C05-8204-F1D09C343B82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CC496A-B2DD-4082-AB1E-7BB9D2BAAC52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91FC8450-FAF2-4EDD-B7B6-AED6FFE948A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574823mc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA42DDC-868B-4500-AB87-0BAB78AC3961",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574823mc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F78AFA7-60DD-41CA-AB5B-4DA77473CECF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CFF2F6-DA65-4072-A56B-163C98890D3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E490099-5E81-464C-9790-7A1DCF112A5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B48FC153-8134-4B96-BD97-90C9C4C7753B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28483125-5A43-445E-B10B-495DA19AD762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5F731-F702-4F83-AE10-E3C3009625D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71146321-B31B-4C5B-A600-2E414D84916E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxetz410_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "240A96ED-D4EE-4ACE-A17C-55668AD24AFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxetz410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E11C7B04-CF7E-47DC-9947-36FCD208B318",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxwmy100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBCF5C2-A6F9-4241-938E-8A730A8EF11A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxwmy100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37743EAD-3445-4DC1-82C7-DCA96A530A51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxetz510_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28D59F34-0098-4550-A4DC-5F98A2B67BB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxetz510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4DF7D9-B51E-4B13-9104-DF16C8639979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxwmy100c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14CE2CFA-4D4C-4796-8742-C056135ED6E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxwmy100c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35E7DBFC-AE46-4608-87E3-08B2AE813BD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxntp100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194F5A53-8062-465C-AABA-1BF7483EA716",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxntp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66AD7713-73F8-4271-8406-252DC80509DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmxnoc0402_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC6A7F3-D93C-44F2-B949-4AE070D89FC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmxnoc0402:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A3232-1FCA-48E8-BAD8-E90D98F6D140",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF09AE3B-C3D4-4519-9F79-0516C738EDB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7CAD05-06C7-4B77-9466-1581ACAD4416",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCF6254-7166-430C-B969-96EB54C81330",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2953A1-873B-4784-8353-6CD92FD2A558",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0110h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF9AB98-F2A7-4A74-9850-9B2C6F8CD17D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0110h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2DDD4B-074E-4D36-8813-9B982D5C08BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnor0200h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D556F4-B7B8-4F75-973A-3192F880DA09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnor0200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C597244C-325F-4F6F-84B4-193CD299B3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B88FC3-8FD3-4A2F-A2F0-BE6E29CB7D4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86AA8980-5D94-4B49-858C-E24290AE8D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90674B8F-C4BD-46AF-A86D-A01531074FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8EA70F-DD0C-4835-AA65-2B826807756B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E85D90-A4B8-46B9-B654-84CD68FCF658",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDA1A8F-6AAF-4D09-9DB4-FACAB918963C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoc0401_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A1F43B-743A-4A07-B19B-F491F49D33FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E39399-BE26-49DA-9522-3CB57DEACD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:171ccc96020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8443AF5-8506-4FC1-9E12-2A6318ED2F71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:171ccc96020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50072285-A60B-4B9E-9DFB-947F1127AFE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:171ccc96020c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD28B94-DCC4-4B83-A8FC-81972B53604A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:171ccc96020c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2667F240-1C4C-4CFC-8FEC-439DE95E767A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:171ccc96030_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "310FF842-7A29-4F52-B12C-BDFBD962277B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:171ccc96030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD6A99A-9363-40BA-891B-D70B62163231",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:171ccc96030c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFDDA9E0-EBF0-4E5E-816A-98FDAEE4EFF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:171ccc96030c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F3B51A-7B7C-401A-B0F3-D38EFB084B27",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:171ccc98020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF455A4F-7F2C-4AD3-A1F4-AE7AEC978460",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:171ccc98020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "762C9502-8164-435F-8EC8-BDD9600B3BF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:171ccc98030_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7663D7C-68BD-42E8-B69D-26F3B56AD333",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:171ccc98030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8032C8C-575C-488B-8B14-347DF11BA2CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoc0401_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65A1F43B-743A-4A07-B19B-F491F49D33FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E39399-BE26-49DA-9522-3CB57DEACD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmxnoc0402_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC6A7F3-D93C-44F2-B949-4AE070D89FC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmxnoc0402:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A3232-1FCA-48E8-BAD8-E90D98F6D140",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCF6254-7166-430C-B969-96EB54C81330",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2953A1-873B-4784-8353-6CD92FD2A558",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0110h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF9AB98-F2A7-4A74-9850-9B2C6F8CD17D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0110h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2DDD4B-074E-4D36-8813-9B982D5C08BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxnor0200h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D556F4-B7B8-4F75-973A-3192F880DA09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxnor0200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C597244C-325F-4F6F-84B4-193CD299B3EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B88FC3-8FD3-4A2F-A2F0-BE6E29CB7D4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86AA8980-5D94-4B49-858C-E24290AE8D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAED8B-EEFA-45D7-A5A3-9B62067CE24C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8EA70F-DD0C-4835-AA65-2B826807756B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90674B8F-C4BD-46AF-A86D-A01531074FB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E85D90-A4B8-46B9-B654-84CD68FCF658",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075A16D1-F4DF-4DCB-8DF9-152E282CE01F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDA1A8F-6AAF-4D09-9DB4-FACAB918963C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9608E7-C9B5-4945-9609-690231DB1B5A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxetc100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A29F8D41-171E-41BE-B294-0F2317125445",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxetc100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC740EFF-A38E-4CFA-BF98-16C6C5CE4615",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp573623mc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FE52740-710B-4584-A600-5B45E9A90076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp573623mc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63796B37-8350-49DC-8F14-9E212830C86C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety110ws_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92DCF9C9-8F9A-414C-AAB9-69F5459F0719",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety110ws:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA58DCD9-D224-4B25-82CC-2D4716762490",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D634770-DB1F-43EF-AD2C-9351BD92D3BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE60505D-0211-4E8C-B32C-988E25698B1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety110wsc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73C3399E-2B28-4CF8-9356-C871ABD689C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety110wsc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D63BE6-86E4-4FF7-99DF-C76BB7FFFB7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574823am_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C772ACA-2B12-41C5-A805-58F5A1B1EE0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574823am:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AAB0C0E-F4AF-4C20-A301-82A03994C86A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A27D7568-6D5A-4AA5-8D4E-800B15BE1B6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574823m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952314A3-D111-4AC5-B74B-FC849AE21E9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574823m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D0A998-2761-4C05-8204-F1D09C343B82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CC496A-B2DD-4082-AB1E-7BB9D2BAAC52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91FC8450-FAF2-4EDD-B7B6-AED6FFE948A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574823mc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA42DDC-868B-4500-AB87-0BAB78AC3961",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574823mc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F78AFA7-60DD-41CA-AB5B-4DA77473CECF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CFF2F6-DA65-4072-A56B-163C98890D3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E490099-5E81-464C-9790-7A1DCF112A5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57BF89C2-27F8-4FF5-9E4F-4F0CB6C2F0E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B48FC153-8134-4B96-BD97-90C9C4C7753B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28483125-5A43-445E-B10B-495DA19AD762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E5F731-F702-4F83-AE10-E3C3009625D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71146321-B31B-4C5B-A600-2E414D84916E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxetz410_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "240A96ED-D4EE-4ACE-A17C-55668AD24AFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxetz410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E11C7B04-CF7E-47DC-9947-36FCD208B318",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxwmy100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBCF5C2-A6F9-4241-938E-8A730A8EF11A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxwmy100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37743EAD-3445-4DC1-82C7-DCA96A530A51",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxetz510_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28D59F34-0098-4550-A4DC-5F98A2B67BB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxetz510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4DF7D9-B51E-4B13-9104-DF16C8639979",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxwmy100c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14CE2CFA-4D4C-4796-8742-C056135ED6E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxwmy100c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35E7DBFC-AE46-4608-87E3-08B2AE813BD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxntp100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "194F5A53-8062-465C-AABA-1BF7483EA716",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxntp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66AD7713-73F8-4271-8406-252DC80509DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp571634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BAC53A2-F2DA-41C5-9699-EC421B3143E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp571634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A5DCC8-9E3D-4919-9DE3-73FC8733E73D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp572634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B7568D-8C01-4268-BAB6-A4849BFD3FA4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp572634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA2094F4-976F-44FA-A7E5-93E20A80DA00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp573634m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC7B128-2CCC-46BA-B3EC-BF4AD8A788C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp573634m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80500883-2825-46DD-8ED9-4F324A4494CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en SchneiderWEB en los m\u00f3dulos Schneider Electric Modicon PLC Ethernet 140CPU65x Exec anterior a 5.5, 140NOC78x Exec anterior a 1.62, 140NOE77x Exec anterior a 6.2, BMXNOC0401 anterior a 2.05, BMXNOE0100 anterior a 2.9, BMXNOE0110x Exec anterior a 6.0, TSXETC101 Exec anterior a 2.04, TSXETY4103x Exec anterior a 5.7, TSXETY5103x Exec anterior a 5.9, TSXP57x ETYPort Exec anterior a 5.7, y TSXP57x Ethernet Copro Exec anterior a 5.5 permite a atacantes remotos visitar recursos arbitrarios a trav\u00e9s de una solicitud HTTP manipulada."
}
],
"id": "CVE-2014-0754",
"lastModified": "2024-11-21T02:02:44.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-03T18:55:06.017",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70193"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/70193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-04 23:15
Modified
2024-11-21 05:37
Severity ?
Summary
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C747D719-51A2-44F5-B940-89D84437DA95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12B6D628-61AA-4999-B71F-FF93182A035B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E9922C-D583-4820-9BAC-8D8CC31F482B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp57_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B20CF298-0E3F-4142-B7CF-791FA5E5545C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp57:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2161791-5948-4C6E-B0FC-8DC7686CD87A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF0DA3B-F89B-487D-AAE6-AEA88E28055A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe01_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E77A9929-C08B-4C29-ADA9-A53E6A2750D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe01:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50ED0C5D-0F0F-42D9-9E44-133A89ED940C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AECF5778-C5F5-4789-BD3D-793B35DDDBDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60D9A366-3394-4275-B884-AE6E7227156E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36A93454-1251-4EC9-8FFB-E7152E346C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A62DEBF-6343-48BB-835C-64AE9D8F956A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "066E3E6C-8A0E-4360-A4ED-32A84B7647FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)"
},
{
"lang": "es",
"value": "Una CWE-352: Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) se presenta en el servidor web usado, que podr\u00eda causar un filtrado de datos confidenciales o acciones no autorizadas en el servidor web durante el tiempo en que el usuario est\u00e1 conectado. Productos afectados: CPUs Modicon M340: BMXP34 (Todas las versiones), CPUs Modicon Quantum con Ethernet integrada (Copro): 140CPU65 (Todas las versiones), CPUs Modicon Premium con Ethernet integrada (Copro): TSXP57 (Todas las versiones), M\u00f3dulos ethernet Modicon M340: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n de f\u00e1brica Modicon Quantum y Premium: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (Todas las versiones)"
}
],
"id": "CVE-2020-7534",
"lastModified": "2024-11-21T05:37:19.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T23:15:10.390",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-11 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@se.com | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "866BFE7D-D688-40B1-B6E9-B140529001C3",
"versionEndExcluding": "3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E00817A-E140-418F-93AB-A9B516F090A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F33A35-37ED-41AD-94A2-34FEA8E7259B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF0DA3B-F89B-487D-AAE6-AEA88E28055A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnor0200h_rtu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9318D16-AA6D-4DE4-B812-D995B291E802",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnor0200h_rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D792EDB-A93E-495B-AF0A-486C9AC6BACA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8048EA69-8FC8-4415-BA20-D2813F8BD83D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe771x1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1468EBB2-8AD8-4886-B4A9-13D1F34EFD8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe771x1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6EFD78F-DB37-4407-A91C-9D01FA9CAF2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78x00_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E80811-AE57-4B01-B3D5-4B346A9F3D8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78x00:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4A72EA-E15A-4C31-B0F3-6B9EB48A09B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10B16121-8DC3-4EA1-AC7B-D611A1C3C9A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "066E3E6C-8A0E-4360-A4ED-32A84B7647FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)"
},
{
"lang": "es",
"value": "Una CWE-20: Se presenta una vulnerabilidad de Comprobaci\u00f3n de Entrada Inapropiada que podr\u00eda causar una denegaci\u00f3n de servicio del dispositivo cuando un atacante env\u00eda una petici\u00f3n HTTP especialmente dise\u00f1ada al servidor web del dispositivo. Producto afectado: CPUs Modicon M340: BMXP34 (Versiones anteriores a V3.40), M\u00f3dulos de Comunicaci\u00f3n Ethernet Modicon M340 X80: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (Todas las versiones), Procesadores Modicon Premium con Ethernet integrada (Copro): TSXP574634, TSXP575634, TSXP576634 (Todas las versiones), Procesadores Modicon Quantum con Ethernet integrado (Copro): 140CPU65xxxxx (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Quantum: 140NOE771x1, 140NOC78x00, 140NOC77101 (Todas las versiones), M\u00f3dulos de comunicaci\u00f3n Modicon Premium: TSXETY4103, TSXETY5103 (todas las versiones)"
}
],
"id": "CVE-2021-22787",
"lastModified": "2024-11-21T05:50:40.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-11T18:15:09.000",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-11 01:15
Modified
2024-11-21 05:37
Severity ?
Summary
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB",
"versionEndExcluding": "3.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C045040-20CA-488D-A36D-A433754A33E8",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33A381-6772-4137-A677-5F73EA398FF6",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF0DA3B-F89B-487D-AAE6-AEA88E28055A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC49273-1C5D-4E0E-B484-0269CDA4E655",
"versionEndExcluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D11C9B98-3119-41CF-8320-447E7E00977E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1067FDEA-33BC-4AA9-AC5B-099BA757065B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A62DEBF-6343-48BB-835C-64AE9D8F956A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8048EA69-8FC8-4415-BA20-D2813F8BD83D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "066E3E6C-8A0E-4360-A4ED-32A84B7647FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B418F6-DCED-40B9-8B35-DC50FD8EF6FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C32BDE35-7AC6-44C3-8135-BAA128B44559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAEBC02-9BA6-4D36-AC3D-E1CE531F918E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23918D88-851B-480E-972E-EB48CAFA7AF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause denial of HTTP and FTP services when a series of specially crafted requests is sent to the controller over HTTP."
},
{
"lang": "es",
"value": "Una CWE-754: Se presenta una vulnerabilidad de Comprobaci\u00f3n Inapropiada de Condiciones Inusuales o Excepcionales en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y M\u00f3dulos de Comunicaci\u00f3n asociados (consulte la notificaci\u00f3n de seguridad para las versiones afectadas), que podr\u00eda causar una denegaci\u00f3n de servicios HTTP y FTP cuando una serie de peticiones especialmente dise\u00f1adas a trav\u00e9s de HTTP son enviadas hacia el controlador"
}
],
"id": "CVE-2020-7549",
"lastModified": "2024-11-21T05:37:21.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-11T01:15:12.627",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "cybersecurity@se.com",
"type": "Primary"
}
]
}