Lucene search

[email protected]NVD:CVE-2020-7540

HistoryDec 11, 2020 - 1:15 a.m.

CVE-2020-7540

2020-12-1101:15:12

CWE-306

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.

Affected configurations

NVD

Node

schneider-electricmodicon_m340_bmxp341000_firmwareRange<3.30

AND

schneider-electricmodicon_m340_bmxp341000Match-

Node

schneider-electricmodicon_m340_bmxp342000_firmwareRange<3.30

AND

schneider-electricmodicon_m340_bmxp342000Match-

Node

schneider-electricmodicon_m340_bmxp3420102_firmwareRange<3.30

AND

schneider-electricmodicon_m340_bmxp3420102Match-

Node

schneider-electricmodicon_m340_bmxp3420102cl_firmwareRange<3.30

AND

schneider-electricmodicon_m340_bmxp3420102clMatch-

Node

schneider-electricmodicon_m340_bmxp342020_firmwareRange<3.30

AND

schneider-electricmodicon_m340_bmxp342020Match-

Node

schneider-electricmodicon_m340_bmxp3420302_firmwareRange<3.30

AND

schneider-electricmodicon_m340_bmxp3420302Match-

Node

schneider-electricmodicon_m340_bmxp3420302cl_firmwareRange<3.30

AND

schneider-electricmodicon_m340_bmxp3420302clMatch-

Node

schneider-electricbmxnoe0100_firmwareRange<3.3

AND

schneider-electricbmxnoe0100Match-

Node

schneider-electricbmxnoe0110_firmwareRange<6.5

AND

schneider-electricbmxnoe0110Match-

Node

schneider-electric140noe77101_firmwareRange<7.1

AND

schneider-electric140noe77101Match-

Node

schneider-electric140noe77111_firmwareRange<7.1

AND

schneider-electric140noe77111Match-

Node

schneider-electric140cpu65150_firmwareRange<6.1

AND

schneider-electric140cpu65150Match-

Node

schneider-electric140cpu65160_firmwareRange<6.1

AND

schneider-electric140cpu65160Match-

Node

schneider-electric140noc78000_firmwareRange<1.74

AND

schneider-electric140noc78000Match-

Node

schneider-electric140noc78100_firmwareRange<1.74

AND

schneider-electric140noc78100Match-

Node

schneider-electric140noc77101_firmwareRange<1.08

AND

schneider-electric140noc77101Match-

Node

schneider-electrictsxp574634_firmwareRange<6.1

AND

schneider-electrictsxp574634Match-

Node

schneider-electrictsxp575634_firmwareRange<6.1

AND

schneider-electrictsxp575634Match-

Node

schneider-electrictsxp576634_firmwareRange<6.1

AND

schneider-electrictsxp576634Match-

Node

schneider-electrictsxety4103_firmwareRange<6.2

AND

schneider-electrictsxety4103Match-

Node

schneider-electrictsxety5103_firmwareRange<6.4

AND

schneider-electrictsxety5103Match-

Node

schneider-electricbmxnoc0401_firmwareRange<2.10

AND

schneider-electricbmxnoc0401Match-

Node

schneider-electricbmxnor200h_firmware

AND

schneider-electricbmxnor200hMatch-

References

www.se.com/ww/en/download/document/SEVD-2020-343-04/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for NVD:CVE-2020-7540

cve1 prion1 cvelist1 nessus1