CVE-2020-7540

🗓️ 11 Dec 2020 00:52:03Reported by schneiderType

Web Server CWE-306 Vulnerability Modicon M34

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the absence of authentication for a critical function, allowing attackers to execute arbitrary commands.	2 Sep 202100:00	–	bdu_fstec
CNNVD	Access Control Error Vulnerability in Multiple Schneider Electric Products	11 Dec 202000:00	–	cnnvd
CVE	CVE-2020-7540	11 Dec 202000:52	–	cve
NCSC	Vulnerabilities fixed in Schneider Electric EcoStruxure and Modicon products	12 Aug 202100:00	–	ncsc
NVD	CVE-2020-7540	11 Dec 202001:15	–	nvd
Prion	Authentication flaw	11 Dec 202001:15	–	prion
Positive Technologies	PT-2020-6376 · Schneider Electric · Modicon M340 +2	8 Dec 202000:00	–	ptsecurity
RedhatCVE	CVE-2020-7540	22 May 202515:08	–	redhatcve
Tenable Nessus	Schneider Electric Modicon Missing Authentication for Critical Function (CVE-2020-7540)	29 Jun 202300:00	–	nessus

[
  {
    "product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"
      }
    ]
  }
]

Source	Link
se	www.se.com/ww/en/download/document/SEVD-2020-343-04/

11 Dec 2020 00:52Current

9.8High risk

Vulners AI Score9.8

EPSS0.02144

CWE-306