10
CVE-2014-0754
- EPSS 3.03%
- Veröffentlicht 03.10.2014 18:55:06
- Zuletzt bearbeitet 26.08.2025 00:15:30
- Quelle ics-cert@hq.dhs.gov
- Teams Watchlist Login
- Unerledigt Login
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Schneider-electric ≫ Stbnic2212 Firmware Version-
Schneider-electric ≫ Stbnip2212 Firmware Version-
Schneider-electric ≫ Tsxetc0101 Firmware Version-
Schneider-electric ≫ Tsxetc100 Firmware Version-
Schneider-electric ≫ Tsxp573623mc Firmware Version-
Schneider-electric ≫ Tsxety110ws Firmware Version-
Schneider-electric ≫ Tsxp574634m Firmware Version-
Schneider-electric ≫ Tsxety110wsc Firmware Version-
Schneider-electric ≫ Tsxp574823am Firmware Version-
Schneider-electric ≫ Tsxety4103 Firmware Version-
Schneider-electric ≫ Tsxp574823m Firmware Version-
Schneider-electric ≫ Tsxety4103c Firmware Version-
Schneider-electric ≫ Tsxp574823mc Firmware Version-
Schneider-electric ≫ Tsxety5103 Firmware Version-
Schneider-electric ≫ Tsxp575634m Firmware Version-
Schneider-electric ≫ Tsxety5103c Firmware Version-
Schneider-electric ≫ Tsxp576634m Firmware Version-
Schneider-electric ≫ Tsxetz410 Firmware Version-
Schneider-electric ≫ Tsxwmy100 Firmware Version-
Schneider-electric ≫ Tsxetz510 Firmware Version-
Schneider-electric ≫ Tsxwmy100c Firmware Version-
Schneider-electric ≫ Tsxntp100 Firmware Version-
Schneider-electric ≫ 171ccc96020 Firmware Version-
Schneider-electric ≫ 171ccc96020c Firmware Version-
Schneider-electric ≫ 171ccc96030 Firmware Version-
Schneider-electric ≫ 171ccc96030c Firmware Version-
Schneider-electric ≫ 171ccc98020 Firmware Version-
Schneider-electric ≫ 171ccc98030 Firmware Version-
Schneider-electric ≫ Tsxetc100 Firmware Version-
Schneider-electric ≫ Tsxp573623mc Firmware Version-
Schneider-electric ≫ Tsxety110ws Firmware Version-
Schneider-electric ≫ Tsxp574634m Firmware Version-
Schneider-electric ≫ Tsxety110wsc Firmware Version-
Schneider-electric ≫ Tsxp574823am Firmware Version-
Schneider-electric ≫ Tsxety4103 Firmware Version-
Schneider-electric ≫ Tsxp574823m Firmware Version-
Schneider-electric ≫ Tsxety4103c Firmware Version-
Schneider-electric ≫ Tsxp574823mc Firmware Version-
Schneider-electric ≫ Tsxety5103 Firmware Version-
Schneider-electric ≫ Tsxp575634m Firmware Version-
Schneider-electric ≫ Tsxety5103c Firmware Version-
Schneider-electric ≫ Tsxp576634m Firmware Version-
Schneider-electric ≫ Tsxetz410 Firmware Version-
Schneider-electric ≫ Tsxwmy100 Firmware Version-
Schneider-electric ≫ Tsxetz510 Firmware Version-
Schneider-electric ≫ Tsxwmy100c Firmware Version-
Schneider-electric ≫ Tsxntp100 Firmware Version-
Schneider-electric ≫ Tsxp571634m Firmware Version-
Schneider-electric ≫ Tsxp572634m Firmware Version-
Schneider-electric ≫ Tsxp573634m Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.03% | 0.861 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| ics-cert@hq.dhs.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.