ICSA-14-273-01

Vulnerability from csaf_cisa - Published: 2014-07-03 06:00 - Updated: 2025-06-06 18:46
Summary
SchneiderWEB Server Directory Traversal Vulnerability
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
CVE-2014-0754
10.0 ()
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
Schneider Electric SchneiderWEB web HMI: 140CPU65150
Schneider Electric / SchneiderWEB web HMI
 140CPU65150
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 171CCC96020
Schneider Electric / SchneiderWEB web HMI
 171CCC96020
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXP3420302H
Schneider Electric / SchneiderWEB web HMI
 BMXP3420302H
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP572623M
Schneider Electric / SchneiderWEB web HMI
 TSXP572623M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP572634M
Schneider Electric / SchneiderWEB web HMI
 TSXP572634M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140CPU65160
Schneider Electric / SchneiderWEB web HMI
 140CPU65160
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 171CCC96020C
Schneider Electric / SchneiderWEB web HMI
 171CCC96020C
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXP342030H
Schneider Electric / SchneiderWEB web HMI
 BMXP342030H
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP572623MC
Schneider Electric / SchneiderWEB web HMI
 TSXP572623MC
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP573634M
Schneider Electric / SchneiderWEB web HMI
 TSXP573634M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140CPU65260
Schneider Electric / SchneiderWEB web HMI
 140CPU65260
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 171CCC96030
Schneider Electric / SchneiderWEB web HMI
 171CCC96030
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXPRMxxxx
Schneider Electric / SchneiderWEB web HMI
 BMXPRMxxxx
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP572823M
Schneider Electric / SchneiderWEB web HMI
 TSXP572823M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOC77100
Schneider Electric / SchneiderWEB web HMI
 140NOC77100
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 171CCC96030C
Schneider Electric / SchneiderWEB web HMI
 171CCC96030C
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: STBNIC2212
Schneider Electric / SchneiderWEB web HMI
 STBNIC2212
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP572823MC
Schneider Electric / SchneiderWEB web HMI
 TSXP572823MC
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOC78000
Schneider Electric / SchneiderWEB web HMI
 140NOC78000
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 171CCC98020
Schneider Electric / SchneiderWEB web HMI
 171CCC98020
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: STBNIP2212
Schneider Electric / SchneiderWEB web HMI
 STBNIP2212
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP573623AM
Schneider Electric / SchneiderWEB web HMI
 TSXP573623AM
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOC78100
Schneider Electric / SchneiderWEB web HMI
 140NOC78100
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 171CCC98030
Schneider Electric / SchneiderWEB web HMI
 171CCC98030
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETC0101
Schneider Electric / SchneiderWEB web HMI
 TSXETC0101
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP573623M
Schneider Electric / SchneiderWEB web HMI
 TSXP573623M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOE77100
Schneider Electric / SchneiderWEB web HMI
 140NOE77100
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXNOC0401
Schneider Electric / SchneiderWEB web HMI
 BMXNOC0401
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETC100
Schneider Electric / SchneiderWEB web HMI
 TSXETC100
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP573623MC
Schneider Electric / SchneiderWEB web HMI
 TSXP573623MC
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOE77101
Schneider Electric / SchneiderWEB web HMI
 140NOE77101
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXNOC0402
Schneider Electric / SchneiderWEB web HMI
 BMXNOC0402
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETY110WS
Schneider Electric / SchneiderWEB web HMI
 TSXETY110WS
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP574634M
Schneider Electric / SchneiderWEB web HMI
 TSXP574634M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOE77101C
Schneider Electric / SchneiderWEB web HMI
 140NOE77101C
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXNOE0100
Schneider Electric / SchneiderWEB web HMI
 BMXNOE0100
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETY110WSC
Schneider Electric / SchneiderWEB web HMI
 TSXETY110WSC
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP574823AM
Schneider Electric / SchneiderWEB web HMI
 TSXP574823AM
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOE77110
Schneider Electric / SchneiderWEB web HMI
 140NOE77110
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXNOE0110
Schneider Electric / SchneiderWEB web HMI
 BMXNOE0110
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETY4103
Schneider Electric / SchneiderWEB web HMI
 TSXETY4103
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP574823M
Schneider Electric / SchneiderWEB web HMI
 TSXP574823M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOE77111
Schneider Electric / SchneiderWEB web HMI
 140NOE77111
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXNOE0110H
Schneider Electric / SchneiderWEB web HMI
 BMXNOE0110H
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETY4103C
Schneider Electric / SchneiderWEB web HMI
 TSXETY4103C
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP574823MC
Schneider Electric / SchneiderWEB web HMI
 TSXP574823MC
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NOE77111C
Schneider Electric / SchneiderWEB web HMI
 140NOE77111C
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXNOR0200H
Schneider Electric / SchneiderWEB web HMI
 BMXNOR0200H
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETY5103
Schneider Electric / SchneiderWEB web HMI
 TSXETY5103
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP575634M
Schneider Electric / SchneiderWEB web HMI
 TSXP575634M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 140NWM10000
Schneider Electric / SchneiderWEB web HMI
 140NWM10000
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXP342020
Schneider Electric / SchneiderWEB web HMI
 BMXP342020
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETY5103C
Schneider Electric / SchneiderWEB web HMI
 TSXETY5103C
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP576634M
Schneider Electric / SchneiderWEB web HMI
 TSXP576634M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 170ENT11001
Schneider Electric / SchneiderWEB web HMI
 170ENT11001
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXP342020H
Schneider Electric / SchneiderWEB web HMI
 BMXP342020H
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETZ410
Schneider Electric / SchneiderWEB web HMI
 TSXETZ410
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXWMY100
Schneider Electric / SchneiderWEB web HMI
 TSXWMY100
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 170ENT11002
Schneider Electric / SchneiderWEB web HMI
 170ENT11002
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXP342030
Schneider Electric / SchneiderWEB web HMI
 BMXP342030
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXETZ510
Schneider Electric / SchneiderWEB web HMI
 TSXETZ510
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXWMY100C
Schneider Electric / SchneiderWEB web HMI
 TSXWMY100C
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: 170ENT11002C
Schneider Electric / SchneiderWEB web HMI
 170ENT11002C
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: BMXP3420302
Schneider Electric / SchneiderWEB web HMI
 BMXP3420302
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXNTP100
Schneider Electric / SchneiderWEB web HMI
 TSXNTP100
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
Schneider Electric SchneiderWEB web HMI: TSXP571634M
Schneider Electric / SchneiderWEB web HMI
 TSXP571634M
Mitigation fix
Mitigation fix
Mitigation
Mitigation
Mitigation
References
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-14-273-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2014/icsa-14-273-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-14-273-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "SchneiderWEB Server Directory Traversal Vulnerability",
    "tracking": {
      "current_release_date": "2025-06-06T18:46:48.565481Z",
      "generator": {
        "date": "2025-06-06T18:46:48.565448Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-14-273-01",
      "initial_release_date": "2014-07-03T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2014-07-03T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-06T18:46:48.565481Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140CPU65150",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140CPU65150",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "171CCC96020",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 171CCC96020",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXP3420302H",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXP3420302H",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP572623M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP572623M",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP572634M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP572634M",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140CPU65160",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140CPU65160",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "171CCC96020C",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 171CCC96020C",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXP342030H",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXP342030H",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP572623MC",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP572623MC",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP573634M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP573634M",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140CPU65260",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140CPU65260",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "171CCC96030",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 171CCC96030",
                  "product_id": "CSAFPID-0012"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXPRMxxxx",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXPRMxxxx",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP572823M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP572823M",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOC77100",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOC77100",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "171CCC96030C",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 171CCC96030C",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "STBNIC2212",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: STBNIC2212",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP572823MC",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP572823MC",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOC78000",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOC78000",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "171CCC98020",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 171CCC98020",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "STBNIP2212",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: STBNIP2212",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP573623AM",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP573623AM",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOC78100",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOC78100",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "171CCC98030",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 171CCC98030",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETC0101",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETC0101",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP573623M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP573623M",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOE77100",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOE77100",
                  "product_id": "CSAFPID-0027"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXNOC0401",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXNOC0401",
                  "product_id": "CSAFPID-0028"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETC100",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETC100",
                  "product_id": "CSAFPID-0029"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP573623MC",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP573623MC",
                  "product_id": "CSAFPID-0030"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOE77101",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOE77101",
                  "product_id": "CSAFPID-0031"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXNOC0402",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXNOC0402",
                  "product_id": "CSAFPID-0032"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETY110WS",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETY110WS",
                  "product_id": "CSAFPID-0033"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP574634M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP574634M",
                  "product_id": "CSAFPID-0034"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOE77101C",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOE77101C",
                  "product_id": "CSAFPID-0035"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXNOE0100",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXNOE0100",
                  "product_id": "CSAFPID-0036"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETY110WSC",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETY110WSC",
                  "product_id": "CSAFPID-0037"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP574823AM",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP574823AM",
                  "product_id": "CSAFPID-0038"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOE77110",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOE77110",
                  "product_id": "CSAFPID-0039"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXNOE0110",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXNOE0110",
                  "product_id": "CSAFPID-0040"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETY4103",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETY4103",
                  "product_id": "CSAFPID-0041"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP574823M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP574823M",
                  "product_id": "CSAFPID-0042"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOE77111",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOE77111",
                  "product_id": "CSAFPID-0043"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXNOE0110H",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXNOE0110H",
                  "product_id": "CSAFPID-0044"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETY4103C",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETY4103C",
                  "product_id": "CSAFPID-0045"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP574823MC",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP574823MC",
                  "product_id": "CSAFPID-0046"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NOE77111C",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NOE77111C",
                  "product_id": "CSAFPID-0047"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXNOR0200H",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXNOR0200H",
                  "product_id": "CSAFPID-0048"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETY5103",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETY5103",
                  "product_id": "CSAFPID-0049"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP575634M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP575634M",
                  "product_id": "CSAFPID-0050"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "140NWM10000",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 140NWM10000",
                  "product_id": "CSAFPID-0051"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXP342020",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXP342020",
                  "product_id": "CSAFPID-0052"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETY5103C",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETY5103C",
                  "product_id": "CSAFPID-0053"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP576634M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP576634M",
                  "product_id": "CSAFPID-0054"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "170ENT11001",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 170ENT11001",
                  "product_id": "CSAFPID-0055"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXP342020H",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXP342020H",
                  "product_id": "CSAFPID-0056"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETZ410",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETZ410",
                  "product_id": "CSAFPID-0057"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXWMY100",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXWMY100",
                  "product_id": "CSAFPID-0058"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "170ENT11002",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 170ENT11002",
                  "product_id": "CSAFPID-0059"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXP342030",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXP342030",
                  "product_id": "CSAFPID-0060"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXETZ510",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXETZ510",
                  "product_id": "CSAFPID-0061"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXWMY100C",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXWMY100C",
                  "product_id": "CSAFPID-0062"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "170ENT11002C",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: 170ENT11002C",
                  "product_id": "CSAFPID-0063"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "BMXP3420302",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: BMXP3420302",
                  "product_id": "CSAFPID-0064"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXNTP100",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXNTP100",
                  "product_id": "CSAFPID-0065"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "TSXP571634M",
                "product": {
                  "name": "Schneider Electric SchneiderWEB web HMI: TSXP571634M",
                  "product_id": "CSAFPID-0066"
                }
              }
            ],
            "category": "product_name",
            "name": "SchneiderWEB web HMI"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-0754",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040",
          "CSAFPID-0041",
          "CSAFPID-0042",
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0045",
          "CSAFPID-0046",
          "CSAFPID-0047",
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0050",
          "CSAFPID-0051",
          "CSAFPID-0052",
          "CSAFPID-0053",
          "CSAFPID-0054",
          "CSAFPID-0055",
          "CSAFPID-0056",
          "CSAFPID-0057",
          "CSAFPID-0058",
          "CSAFPID-0059",
          "CSAFPID-0060",
          "CSAFPID-0061",
          "CSAFPID-0062",
          "CSAFPID-0063",
          "CSAFPID-0064",
          "CSAFPID-0065",
          "CSAFPID-0066"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Please see Schneider Electric\u2019s vulnerability disclosure SEVD-2014-260-01 Schneider Electric Vulnerability Disclosure \u2013 Modicon Ethernet Comm Modules - SEVD-2014-260-01 - (http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01). for more detailed information on which product part numbers are affected, as well as the complete list of which devices have released firmware updates available.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041",
            "CSAFPID-0042",
            "CSAFPID-0043",
            "CSAFPID-0044",
            "CSAFPID-0045",
            "CSAFPID-0046",
            "CSAFPID-0047",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0050",
            "CSAFPID-0051",
            "CSAFPID-0052",
            "CSAFPID-0053",
            "CSAFPID-0054",
            "CSAFPID-0055",
            "CSAFPID-0056",
            "CSAFPID-0057",
            "CSAFPID-0058",
            "CSAFPID-0059",
            "CSAFPID-0060",
            "CSAFPID-0061",
            "CSAFPID-0062",
            "CSAFPID-0063",
            "CSAFPID-0064",
            "CSAFPID-0065",
            "CSAFPID-0066"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01"
        },
        {
          "category": "mitigation",
          "details": "This vulnerability disclosure can be downloaded at the following URL: (http://www.schneider-electric.com/ww/en/download/)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041",
            "CSAFPID-0042",
            "CSAFPID-0043",
            "CSAFPID-0044",
            "CSAFPID-0045",
            "CSAFPID-0046",
            "CSAFPID-0047",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0050",
            "CSAFPID-0051",
            "CSAFPID-0052",
            "CSAFPID-0053",
            "CSAFPID-0054",
            "CSAFPID-0055",
            "CSAFPID-0056",
            "CSAFPID-0057",
            "CSAFPID-0058",
            "CSAFPID-0059",
            "CSAFPID-0060",
            "CSAFPID-0061",
            "CSAFPID-0062",
            "CSAFPID-0063",
            "CSAFPID-0064",
            "CSAFPID-0065",
            "CSAFPID-0066"
          ],
          "url": "http://www.schneider-electric.com/ww/en/download/"
        },
        {
          "category": "mitigation",
          "details": "Search downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to download the vulnerability disclosure. This URL site can also be used to download firmware updates identified in the vulnerability disclosure.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041",
            "CSAFPID-0042",
            "CSAFPID-0043",
            "CSAFPID-0044",
            "CSAFPID-0045",
            "CSAFPID-0046",
            "CSAFPID-0047",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0050",
            "CSAFPID-0051",
            "CSAFPID-0052",
            "CSAFPID-0053",
            "CSAFPID-0054",
            "CSAFPID-0055",
            "CSAFPID-0056",
            "CSAFPID-0057",
            "CSAFPID-0058",
            "CSAFPID-0059",
            "CSAFPID-0060",
            "CSAFPID-0061",
            "CSAFPID-0062",
            "CSAFPID-0063",
            "CSAFPID-0064",
            "CSAFPID-0065",
            "CSAFPID-0066"
          ]
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices: Use a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL. Disable Port 80 (HTTP) on modules where it is possible. Block Port 80 in firewalls to these devices, except for trusted devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041",
            "CSAFPID-0042",
            "CSAFPID-0043",
            "CSAFPID-0044",
            "CSAFPID-0045",
            "CSAFPID-0046",
            "CSAFPID-0047",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0050",
            "CSAFPID-0051",
            "CSAFPID-0052",
            "CSAFPID-0053",
            "CSAFPID-0054",
            "CSAFPID-0055",
            "CSAFPID-0056",
            "CSAFPID-0057",
            "CSAFPID-0058",
            "CSAFPID-0059",
            "CSAFPID-0060",
            "CSAFPID-0061",
            "CSAFPID-0062",
            "CSAFPID-0063",
            "CSAFPID-0064",
            "CSAFPID-0065",
            "CSAFPID-0066"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please contact Schneider Electric Customer Care Center for more information.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041",
            "CSAFPID-0042",
            "CSAFPID-0043",
            "CSAFPID-0044",
            "CSAFPID-0045",
            "CSAFPID-0046",
            "CSAFPID-0047",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0050",
            "CSAFPID-0051",
            "CSAFPID-0052",
            "CSAFPID-0053",
            "CSAFPID-0054",
            "CSAFPID-0055",
            "CSAFPID-0056",
            "CSAFPID-0057",
            "CSAFPID-0058",
            "CSAFPID-0059",
            "CSAFPID-0060",
            "CSAFPID-0061",
            "CSAFPID-0062",
            "CSAFPID-0063",
            "CSAFPID-0064",
            "CSAFPID-0065",
            "CSAFPID-0066"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "baseScore": 10.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041",
            "CSAFPID-0042",
            "CSAFPID-0043",
            "CSAFPID-0044",
            "CSAFPID-0045",
            "CSAFPID-0046",
            "CSAFPID-0047",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0050",
            "CSAFPID-0051",
            "CSAFPID-0052",
            "CSAFPID-0053",
            "CSAFPID-0054",
            "CSAFPID-0055",
            "CSAFPID-0056",
            "CSAFPID-0057",
            "CSAFPID-0058",
            "CSAFPID-0059",
            "CSAFPID-0060",
            "CSAFPID-0061",
            "CSAFPID-0062",
            "CSAFPID-0063",
            "CSAFPID-0064",
            "CSAFPID-0065",
            "CSAFPID-0066"
          ]
        }
      ]
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.