Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a denial of service can occur for ~1 minute by sending a specially crafted HTTP request.
File data ot_500311.nasl
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | modicom_m340_firmware | * | cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicom_m340 | - | cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:* |
schneider-electric | modicom_premium_firmware | * | cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicom_premium | * | cpe:2.3:h:schneider-electric:modicom_premium:*:*:*:*:*:*:*:* |
schneider-electric | modicom_quantum_firmware | * | cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicom_quantum | * | cpe:2.3:h:schneider-electric:modicom_quantum:*:*:*:*:*:*:*:* |
schneider-electric | modicom_bmxnor0200h_firmware | * | cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:* |
schneider-electric | modicom_bmxnor0200h | - | cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:* |