CRITICAL🇬🇧 English

CVE-2020-7540

CVSS 9.8v3.1pub. 2020-12-11upd. 2024-11-21

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric 140cpu65150

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric 140cpu65150 Firmware

    OS
    Schneider-Electric
    < 6.1
  • Schneider Electric 140cpu65160

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric 140cpu65160 Firmware

    OS
    Schneider-Electric
    < 6.1
  • Schneider Electric 140noc77101

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric 140noc77101 Firmware

    OS
    Schneider-Electric
    < 1.08
  • Schneider Electric 140noc78000

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric 140noc78000 Firmware

    OS
    Schneider-Electric
    < 1.74
  • Schneider Electric 140noc78100

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric 140noc78100 Firmware

    OS
    Schneider-Electric
    < 1.74
  • Schneider Electric 140noe77101

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric 140noe77101 Firmware

    OS
    Schneider-Electric
    < 7.1
  • Schneider Electric 140noe77111

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric 140noe77111 Firmware

    OS
    Schneider-Electric
    < 7.1
  • Schneider Electric Bmxnoc0401

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Bmxnoc0401 Firmware

    OS
    Schneider-Electric
    < 2.10
  • Schneider Electric Bmxnoe0100

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Bmxnoe0100 Firmware

    OS
    Schneider-Electric
    < 3.3
  • Schneider Electric Bmxnoe0110

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Bmxnoe0110 Firmware

    OS
    Schneider-Electric
    < 6.5
  • Schneider Electric Bmxnor200h

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Bmxnor200h Firmware

    OS
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp341000

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp341000 Firmware

    OS
    Schneider-Electric
    < 3.30
  • Schneider Electric Modicon M340 Bmxp342000

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp342000 Firmware

    OS
    Schneider-Electric
    < 3.30
  • Schneider Electric Modicon M340 Bmxp3420102

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp3420102cl

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Modicon M340 Bmxp3420102cl Firmware

    OS
    Schneider-Electric
    < 3.30
  • Schneider Electric Modicon M340 Bmxp3420102 Firmware

    OS
    Schneider-Electric
    < 3.30
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-37300CRITICAL9.8ten sam produkt

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...

CVE-2021-22779CRITICAL9.1ten sam produkt

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...

CVE-2020-7533CRITICAL9.8ten sam produkt

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webse...

CVE-2018-7761CRITICAL9.8ten sam produkt

A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modic...

CVE-2018-7241CRITICAL9.8ten sam produkt

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR02...