Schneider-electric Modicom Exposure of Sensitive Information to an Unauthorized Actor

2019-11-0800:00:00

www.tenable.com

0.002 Low

EPSS

Percentile

55.1%

JSON

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

File data ot_500299.nasl

VendorProductVersionCPE
schneider-electricmodicom_m340_firmware*cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicom_m340-cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:*
schneider-electricmodicom_premium_firmware*cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicom_premium*cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:*
schneider-electricmodicom_quantum_firmware*cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicom_quantum*cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:*
schneider-electricmodicom_bmxnor0200h_firmware*cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:*
schneider-electricmodicom_bmxnor0200h-cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	modicom_m340_firmware	*	cpe:2.3:o:schneider-electric:modicom_m340_firmware::::::::
schneider-electric	modicom_m340	-	cpe:2.3:h:schneider-electric:modicom_m340:-:::::::*
schneider-electric	modicom_premium_firmware	*	cpe:2.3:o:schneider-electric:modicom_premium_firmware::::::::
schneider-electric	modicom_premium	*	cpe:2.3:h:schneider-electric:modicom_premium::::::::
schneider-electric	modicom_quantum_firmware	*	cpe:2.3:o:schneider-electric:modicom_quantum_firmware::::::::
schneider-electric	modicom_quantum	*	cpe:2.3:h:schneider-electric:modicom_quantum::::::::
schneider-electric	modicom_bmxnor0200h_firmware	*	cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware::::::::
schneider-electric	modicom_bmxnor0200h	-	cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:::::::*