CVE-2020-7540

EPSS 0.31%
Published 11.12.2020 01:15:12
Last modified 21.11.2024 05:37:20
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Modicon M340 Bmxp341000 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp341000 Version-

Schneider-electric ≫ Modicon M340 Bmxp342000 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp342000 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420102 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp3420102 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420102cl Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp3420102cl Version-

Schneider-electric ≫ Modicon M340 Bmxp342020 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp342020 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420302 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp3420302 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420302cl Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp3420302cl Version-

Schneider-electric ≫ Bmxnoe0100 Firmware Version < 3.3

Schneider-electric ≫ Bmxnoe0100 Version-

Schneider-electric ≫ Bmxnoe0110 Firmware Version < 6.5

Schneider-electric ≫ Bmxnoe0110 Version-

Schneider-electric ≫ 140noe77101 Firmware Version < 7.1

Schneider-electric ≫ 140noe77101 Version-

Schneider-electric ≫ 140noe77111 Firmware Version < 7.1

Schneider-electric ≫ 140noe77111 Version-

Schneider-electric ≫ 140cpu65150 Firmware Version < 6.1

Schneider-electric ≫ 140cpu65150 Version-

Schneider-electric ≫ 140cpu65160 Firmware Version < 6.1

Schneider-electric ≫ 140cpu65160 Version-

Schneider-electric ≫ 140noc78000 Firmware Version < 1.74

Schneider-electric ≫ 140noc78000 Version-

Schneider-electric ≫ 140noc78100 Firmware Version < 1.74

Schneider-electric ≫ 140noc78100 Version-

Schneider-electric ≫ 140noc77101 Firmware Version < 1.08

Schneider-electric ≫ 140noc77101 Version-

Schneider-electric ≫ Tsxp574634 Firmware Version < 6.1

Schneider-electric ≫ Tsxp574634 Version-

Schneider-electric ≫ Tsxp575634 Firmware Version < 6.1

Schneider-electric ≫ Tsxp575634 Version-

Schneider-electric ≫ Tsxp576634 Firmware Version < 6.1

Schneider-electric ≫ Tsxp576634 Version-

Schneider-electric ≫ Tsxety4103 Firmware Version < 6.2

Schneider-electric ≫ Tsxety4103 Version-

Schneider-electric ≫ Tsxety5103 Firmware Version < 6.4

Schneider-electric ≫ Tsxety5103 Version-

Schneider-electric ≫ Bmxnoc0401 Firmware Version < 2.10

Schneider-electric ≫ Bmxnoc0401 Version-

Schneider-electric ≫ Bmxnor200h Firmware

Schneider-electric ≫ Bmxnor200h Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.512

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.se.com/ww/en/download/document/SEVD-2020-343-04/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7540

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7540

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7540

EUVD