6.8
CVE-2013-0663
- EPSS 0.37%
- Published 04.04.2013 11:58:48
- Last modified 11.04.2025 00:51:21
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Modicon Quantum Plc Version140noe77101
Schneider-electric ≫ Modicon Quantum Plc Version140noe77111
Schneider-electric ≫ Modicon Quantum Plc Version140nwm10000
Schneider-electric ≫ Modicon M340 Versionbmxnoc0401
Schneider-electric ≫ Modicon M340 Versionbmxnoe011xx
Schneider-electric ≫ Modicon M340 Versionbmxnoe0100x
Schneider-electric ≫ Modicon Premium Versiontsxety4103
Schneider-electric ≫ Modicon Premium Versiontsxety5103
Schneider-electric ≫ Modicon Premium Versiontsxwmy100
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.555 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.