Lucene search

[email protected]CVE-2020-7535

HistoryDec 11, 2020 - 1:15 a.m.

CVE-2020-7535

2020-12-1101:15:00

CWE-22

[email protected]

web.nvd.nist.gov

119

cwe-22

path traversal

vulnerability

modicon m340

web server

security notification

http

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.2%

JSON

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’ Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.

CPENameOperatorVersion
schneider-electric:modicon_m340_bmxp341000_firmwareschneider-electric modicon m340 bmxp341000 firmwarelt3.30
schneider-electric:modicon_m340_bmxp342000_firmwareschneider-electric modicon m340 bmxp342000 firmwarelt3.30
schneider-electric:modicon_m340_bmxp3420102_firmwareschneider-electric modicon m340 bmxp3420102 firmwarelt3.30
schneider-electric:modicon_m340_bmxp3420102cl_firmwareschneider-electric modicon m340 bmxp3420102cl firmwarelt3.30
schneider-electric:modicon_m340_bmxp342020_firmwareschneider-electric modicon m340 bmxp342020 firmwarelt3.30
schneider-electric:modicon_m340_bmxp3420302_firmwareschneider-electric modicon m340 bmxp3420302 firmwarelt3.30
schneider-electric:modicon_m340_bmxp3420302cl_firmwareschneider-electric modicon m340 bmxp3420302cl firmwarelt3.30
schneider-electric:bmxnoe0100_firmwareschneider-electric bmxnoe0100 firmwarelt3.4
schneider-electric:bmxnoe0110_firmwareschneider-electric bmxnoe0110 firmwarelt6.6
schneider-electric:140noe77101_firmwareschneider-electric 140noe77101 firmwarelt7.3

CPE	Name	Operator	Version
schneider-electric:modicon_m340_bmxp341000_firmware	schneider-electric modicon m340 bmxp341000 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp342000_firmware	schneider-electric modicon m340 bmxp342000 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp3420102_firmware	schneider-electric modicon m340 bmxp3420102 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp3420102cl_firmware	schneider-electric modicon m340 bmxp3420102cl firmware	lt	3.30
schneider-electric:modicon_m340_bmxp342020_firmware	schneider-electric modicon m340 bmxp342020 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp3420302_firmware	schneider-electric modicon m340 bmxp3420302 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp3420302cl_firmware	schneider-electric modicon m340 bmxp3420302cl firmware	lt	3.30
schneider-electric:bmxnoe0100_firmware	schneider-electric bmxnoe0100 firmware	lt	3.4
schneider-electric:bmxnoe0110_firmware	schneider-electric bmxnoe0110 firmware	lt	6.6
schneider-electric:140noe77101_firmware	schneider-electric 140noe77101 firmware	lt	7.3

Rows per page:

1-10 of 211

References

www.se.com/ww/en/download/document/SEVD-2020-343-05/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2020-7535

prion1 nessus1 cvelist1