7.5
CVE-2020-7535
- EPSS 0.43%
- Published 11.12.2020 01:15:12
- Last modified 21.11.2024 05:37:19
- Source cybersecurity@se.com
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Modicon M340 Bmxp341000 Firmware Version < 3.30
Schneider-electric ≫ Modicon M340 Bmxp342000 Firmware Version < 3.30
Schneider-electric ≫ Modicon M340 Bmxp3420102 Firmware Version < 3.30
Schneider-electric ≫ Modicon M340 Bmxp3420102cl Firmware Version < 3.30
Schneider-electric ≫ Modicon M340 Bmxp342020 Firmware Version < 3.30
Schneider-electric ≫ Modicon M340 Bmxp3420302 Firmware Version < 3.30
Schneider-electric ≫ Modicon M340 Bmxp3420302cl Firmware Version < 3.30
Schneider-electric ≫ Bmxnoe0100 Firmware Version < 3.4
Schneider-electric ≫ Bmxnoe0110 Firmware Version < 6.6
Schneider-electric ≫ 140noe77101 Firmware Version < 7.3
Schneider-electric ≫ 140noe77111 Firmware Version < 7.3
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.43% | 0.595 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.