CVE-2013-0663

EPSS 0.37%
Veröffentlicht 04.04.2013 11:58:48
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Modicon Quantum Plc Version140noe77101

Schneider-electric ≫ Modicon Quantum Plc Version140noe77111

Schneider-electric ≫ Modicon Quantum Plc Version140nwm10000

Schneider-electric ≫ Modicon M340 Versionbmxnoc0401

Schneider-electric ≫ Modicon M340 Versionbmxnoe011xx

Schneider-electric ≫ Modicon M340 Versionbmxnoe0100x

Schneider-electric ≫ Modicon Premium Versiontsxety4103

Schneider-electric ≫ Modicon Premium Versiontsxety5103

Schneider-electric ≫ Modicon Premium Versiontsxwmy100

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.555

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf

US Government Resource

http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/

Vendor Advisory

http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper

Vendor Advisory

https://www.exploit-db.com/exploits/44678/

https://nvd.nist.gov/vuln/detail/CVE-2013-0663

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0663

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0663

EUVD