Lucene search

[email protected]CVE-2020-7540

HistoryDec 11, 2020 - 1:15 a.m.

CVE-2020-7540

2020-12-1101:15:00

CWE-306

[email protected]

web.nvd.nist.gov

cve-2020-7540

cwe-306

modicon m340

web server

authentication

critical function

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.

CPENameOperatorVersion
schneider-electric:modicon_m340_bmxp341000_firmwareschneider-electric modicon m340 bmxp341000 firmwarelt3.30
schneider-electric:modicon_m340_bmxp342000_firmwareschneider-electric modicon m340 bmxp342000 firmwarelt3.30
schneider-electric:modicon_m340_bmxp3420102_firmwareschneider-electric modicon m340 bmxp3420102 firmwarelt3.30
schneider-electric:modicon_m340_bmxp3420102cl_firmwareschneider-electric modicon m340 bmxp3420102cl firmwarelt3.30
schneider-electric:modicon_m340_bmxp342020_firmwareschneider-electric modicon m340 bmxp342020 firmwarelt3.30
schneider-electric:modicon_m340_bmxp3420302_firmwareschneider-electric modicon m340 bmxp3420302 firmwarelt3.30
schneider-electric:modicon_m340_bmxp3420302cl_firmwareschneider-electric modicon m340 bmxp3420302cl firmwarelt3.30
schneider-electric:bmxnoe0100_firmwareschneider-electric bmxnoe0100 firmwarelt3.3
schneider-electric:bmxnoe0110_firmwareschneider-electric bmxnoe0110 firmwarelt6.5
schneider-electric:140noe77101_firmwareschneider-electric 140noe77101 firmwarelt7.1

CPE	Name	Operator	Version
schneider-electric:modicon_m340_bmxp341000_firmware	schneider-electric modicon m340 bmxp341000 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp342000_firmware	schneider-electric modicon m340 bmxp342000 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp3420102_firmware	schneider-electric modicon m340 bmxp3420102 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp3420102cl_firmware	schneider-electric modicon m340 bmxp3420102cl firmware	lt	3.30
schneider-electric:modicon_m340_bmxp342020_firmware	schneider-electric modicon m340 bmxp342020 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp3420302_firmware	schneider-electric modicon m340 bmxp3420302 firmware	lt	3.30
schneider-electric:modicon_m340_bmxp3420302cl_firmware	schneider-electric modicon m340 bmxp3420302cl firmware	lt	3.30
schneider-electric:bmxnoe0100_firmware	schneider-electric bmxnoe0100 firmware	lt	3.3
schneider-electric:bmxnoe0110_firmware	schneider-electric bmxnoe0110 firmware	lt	6.5
schneider-electric:140noe77101_firmware	schneider-electric 140noe77101 firmware	lt	7.1

Rows per page:

1-10 of 231

References

www.se.com/ww/en/download/document/SEVD-2020-343-04/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2020-7540

nessus1 prion1 cvelist1