Versio.io

CVE-2020-7533

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 01-12-2020 04:15
Last modified: - 25-04-2022 07:45
Total changes: - 2

Description

A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
9.8
Base score
3.9
5.9
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=schneider-electric AND product=bmxp3420302_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=bmxp3420302 AND version=-
AND
OR
vendor=schneider-electric AND product=bmxp342000_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=bmxp342000 AND version=-
AND
OR
vendor=schneider-electric AND product=bmxp341000_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=bmxp341000 AND version=-
AND
OR
vendor=schneider-electric AND product=bmxp3420102_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=bmxp3420102 AND version=-
AND
OR
vendor=schneider-electric AND product=bmxp3420302_firmware AND versionEndExcluding=3.20
OR
vendor=schneider-electric AND product=bmxp3420302 AND version=-
AND
OR
vendor=schneider-electric AND product=bmxnoe0100_firmware AND versionEndExcluding=3.3
OR
vendor=schneider-electric AND product=bmxnoe0100 AND version=-
AND
OR
vendor=schneider-electric AND product=bmxnoe0110_firmware AND versionEndExcluding=6.5
OR
vendor=schneider-electric AND product=bmxnoe0110 AND version=-
AND
OR
vendor=schneider-electric AND product=bmxnoc0401_firmware AND versionEndExcluding=2.10
OR
vendor=schneider-electric AND product=bmxnoc0401 AND version=-
AND
OR
vendor=schneider-electric AND product=tsxp574634_firmware AND versionEndExcluding=6.1
OR
vendor=schneider-electric AND product=tsxp574634 AND version=-
AND
OR
vendor=schneider-electric AND product=tsxp575634_firmware AND versionEndExcluding=6.1
OR
vendor=schneider-electric AND product=tsxp575634 AND version=-
AND
OR
vendor=schneider-electric AND product=tsxp576634_firmware AND versionEndExcluding=6.1
OR
vendor=schneider-electric AND product=tsxp576634 AND version=-
AND
OR
vendor=schneider-electric AND product=tsxety4103_firmware AND versionEndExcluding=6.2
OR
vendor=schneider-electric AND product=tsxety4103 AND version=-
AND
OR
vendor=schneider-electric AND product=tsxety5103_firmware AND versionEndExcluding=6.4
OR
vendor=schneider-electric AND product=tsxety5103 AND version=-
AND
OR
vendor=schneider-electric AND product=140noe77111_firmware AND versionEndExcluding=7.1
OR
vendor=schneider-electric AND product=140noe77111 AND version=-
AND
OR
vendor=schneider-electric AND product=140noc78000_firmware AND versionEndExcluding=1.74
OR
vendor=schneider-electric AND product=140noc78000 AND version=-
AND
OR
vendor=schneider-electric AND product=140noc77101_firmware AND versionEndExcluding=1.08
OR
vendor=schneider-electric AND product=140noc77101 AND version=-
AND
OR
vendor=schneider-electric AND product=140cpu65260_firmware AND versionEndExcluding=6.1
OR
vendor=schneider-electric AND product=140cpu65260 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2020-7533

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.