CVE-2020-7534

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-02-2022 12:15

Last modified: - 10-02-2022 07:45

Total changes: - 2

Description

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

8.8

Base score

2.8

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=schneider-electric AND product=bmxp342020_firmware

vendor=schneider-electric AND product=bmxp342020 AND version=-

AND

vendor=schneider-electric AND product=140cpu65_firmware

vendor=schneider-electric AND product=140cpu65 AND version=-

AND

vendor=schneider-electric AND product=tsxp57_firmware

vendor=schneider-electric AND product=tsxp57 AND version=-

AND

vendor=schneider-electric AND product=bmxnoc0401_firmware

vendor=schneider-electric AND product=bmxnoc0401 AND version=-

AND

vendor=schneider-electric AND product=bmxnoe01_firmware

vendor=schneider-electric AND product=bmxnoe01 AND version=-

AND

vendor=schneider-electric AND product=bmxnor0200h_firmware

vendor=schneider-electric AND product=bmxnor0200h AND version=-

AND

vendor=schneider-electric AND product=140noe77111_firmware

vendor=schneider-electric AND product=140noe77111 AND version=-

AND

vendor=schneider-electric AND product=140noc78000_firmware

vendor=schneider-electric AND product=140noc78000 AND version=-

AND

vendor=schneider-electric AND product=tsxety5103_firmware

vendor=schneider-electric AND product=tsxety5103 AND version=-

AND

vendor=schneider-electric AND product=tsxety4103_firmware

vendor=schneider-electric AND product=tsxety4103 AND version=-

Reference

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01

Keywords

CVE-2020-7534

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-7534

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures