9.8
CVE-2020-7533
- EPSS 0.24%
- Published 01.12.2020 15:15:12
- Last modified 10.06.2025 08:15:21
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Modicon M340 Bmxp3420302 Firmware Version < 3.20
Schneider-electric ≫ Modicon M340 Bmxp342000 Firmware Version < 3.20
Schneider-electric ≫ Modicon M340 Bmxp341000 Firmware Version < 3.20
Schneider-electric ≫ Modicon M340 Bmxp3420102 Firmware Version < 3.20
Schneider-electric ≫ Modicon M340 Bmxp3420302 Firmware Version < 3.20
Schneider-electric ≫ Bmxnoe0100 Firmware Version < 3.3
Schneider-electric ≫ Bmxnoe0110 Firmware Version < 6.5
Schneider-electric ≫ Bmxnoc0401 Firmware Version < 2.10
Schneider-electric ≫ Tsxp574634 Firmware Version < 6.1
Schneider-electric ≫ Tsxp575634 Firmware Version < 6.1
Schneider-electric ≫ Tsxp576634 Firmware Version < 6.1
Schneider-electric ≫ Tsxety4103 Firmware Version < 6.2
Schneider-electric ≫ Tsxety5103 Firmware Version < 6.4
Schneider-electric ≫ 140noe77111 Firmware Version < 7.1
Schneider-electric ≫ 140noc78000 Firmware Version < 1.74
Schneider-electric ≫ 140noc77101 Firmware Version < 1.08
Schneider-electric ≫ 140cpu65260 Firmware Version < 6.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.462 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.