8.5

CVE-2013-0664

EPSS 1.1%
Published 04.04.2013 11:58:49
Last modified 11.04.2025 00:51:21
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Modicon Quantum Plc Version140noe77111

Schneider-electric ≫ Modicon Quantum Plc Version140nwm10000

Schneider-electric ≫ Modicon M340 Versionbmxnoe0110x

Schneider-electric ≫ Modicon Premium Versiontsxety5103

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.1%	0.76

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf

US Government Resource

http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/

Vendor Advisory

http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-0664

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0664

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0664

EUVD