A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric 140cpu65150
HWSchneider-Electricwszystkie wersjeSchneider Electric 140cpu65150 Firmware
OSSchneider-Electric< 6.1Schneider Electric 140cpu65160
HWSchneider-Electricwszystkie wersjeSchneider Electric 140cpu65160 Firmware
OSSchneider-Electric< 6.1Schneider Electric 140noc77101
HWSchneider-Electricwszystkie wersjeSchneider Electric 140noc77101 Firmware
OSSchneider-Electric< 1.08Schneider Electric 140noc78000
HWSchneider-Electricwszystkie wersjeSchneider Electric 140noc78000 Firmware
OSSchneider-Electric< 1.74Schneider Electric 140noc78100
HWSchneider-Electricwszystkie wersjeSchneider Electric 140noc78100 Firmware
OSSchneider-Electric< 1.74Schneider Electric 140noe77101
HWSchneider-Electricwszystkie wersjeSchneider Electric 140noe77101 Firmware
OSSchneider-Electric< 7.1Schneider Electric 140noe77111
HWSchneider-Electricwszystkie wersjeSchneider Electric 140noe77111 Firmware
OSSchneider-Electric< 7.1Schneider Electric Bmxnoc0401
HWSchneider-Electricwszystkie wersjeSchneider Electric Bmxnoc0401 Firmware
OSSchneider-Electric< 2.10Schneider Electric Bmxnoe0100
HWSchneider-Electricwszystkie wersjeSchneider Electric Bmxnoe0100 Firmware
OSSchneider-Electric< 3.3Schneider Electric Bmxnoe0110
HWSchneider-Electricwszystkie wersjeSchneider Electric Bmxnoe0110 Firmware
OSSchneider-Electric< 6.5Schneider Electric Bmxnor200h
HWSchneider-Electricwszystkie wersjeSchneider Electric Bmxnor200h Firmware
OSSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp341000
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp341000 Firmware
OSSchneider-Electric< 3.30Schneider Electric Modicon M340 Bmxp342000
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342000 Firmware
OSSchneider-Electric< 3.30Schneider Electric Modicon M340 Bmxp3420102
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420102cl
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420102cl Firmware
OSSchneider-Electric< 3.30Schneider Electric Modicon M340 Bmxp3420102 Firmware
OSSchneider-Electric< 3.30
Related vulnerabilities
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webse...
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modic...
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR02...