5.3

CVE-2020-7541

EPSS 0.31%
Veröffentlicht 11.12.2020 01:15:12
Zuletzt bearbeitet 21.11.2024 05:37:20
Quelle cybersecurity@se.com
Teams Watchlist Login
Unerledigt Login

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Modicon M340 Bmxp341000 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp341000 Version-

Schneider-electric ≫ Modicon M340 Bmxp342000 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp342000 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420102 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp3420102 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420102cl Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp3420102cl Version-

Schneider-electric ≫ Modicon M340 Bmxp342020 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp342020 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420302 Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp3420302 Version-

Schneider-electric ≫ Modicon M340 Bmxp3420302cl Firmware Version < 3.30

Schneider-electric ≫ Modicon M340 Bmxp3420302cl Version-

Schneider-electric ≫ Bmxnoe0100 Firmware Version < 3.3

Schneider-electric ≫ Bmxnoe0100 Version-

Schneider-electric ≫ Bmxnoe0110 Firmware Version < 6.5

Schneider-electric ≫ Bmxnoe0110 Version-

Schneider-electric ≫ Bmxnoc0401 Firmware Version < 2.10

Schneider-electric ≫ Bmxnoc0401 Version-

Schneider-electric ≫ Tsxp574634 Firmware Version < 6.1

Schneider-electric ≫ Tsxp574634 Version-

Schneider-electric ≫ Tsxp575634 Firmware Version < 6.1

Schneider-electric ≫ Tsxp575634 Version-

Schneider-electric ≫ Tsxp576634 Firmware Version < 6.1

Schneider-electric ≫ Tsxp576634 Version-

Schneider-electric ≫ Tsxety4103 Firmware Version < 6.2

Schneider-electric ≫ Tsxety4103 Version-

Schneider-electric ≫ Tsxety5103 Firmware Version < 6.4

Schneider-electric ≫ Tsxety5103 Version-

Schneider-electric ≫ 140cpu65150 Firmware Version < 6.1

Schneider-electric ≫ 140cpu65150 Version-

Schneider-electric ≫ 140noe77111 Firmware Version < 7.1

Schneider-electric ≫ 140noe77111 Version-

Schneider-electric ≫ 140noc78100 Firmware Version < 1.74

Schneider-electric ≫ 140noc78100 Version-

Schneider-electric ≫ 140noc78000 Firmware Version < 1.74

Schneider-electric ≫ 140noc78000 Version-

Schneider-electric ≫ 140noc77101 Firmware Version < 1.08

Schneider-electric ≫ 140noc77101 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.513

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

https://www.se.com/ww/en/download/document/SEVD-2020-343-03/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7541

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7541

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7541

EUVD