8.5

CVE-2013-0664

EPSS 1.1%
Veröffentlicht 04.04.2013 11:58:49
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Modicon Quantum Plc Version140noe77111

Schneider-electric ≫ Modicon Quantum Plc Version140nwm10000

Schneider-electric ≫ Modicon M340 Versionbmxnoe0110x

Schneider-electric ≫ Modicon Premium Versiontsxety5103

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.1%	0.76

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf

US Government Resource

http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/

Vendor Advisory

http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-0664

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0664

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0664

EUVD