Path traversal

2020-12-1101:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’ Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.

CPENameOperatorVersion
140noe77101_firmwarelt7.3
140noe77111_firmwarelt7.3
bmxnoe0100_firmwarelt3.4
bmxnoe0110_firmwarelt6.6
bmxp341000_firmwarelt3.30
bmxp342000_firmwarelt3.30
bmxp3420102_firmwarelt3.30
bmxp3420102cl_firmwarelt3.30
bmxp342020_firmwarelt3.30
bmxp3420302_firmwarelt3.30

Name	Operator	Version
140noe77101_firmware	lt	7.3
140noe77111_firmware	lt	7.3
bmxnoe0100_firmware	lt	3.4
bmxnoe0110_firmware	lt	6.6
bmxp341000_firmware	lt	3.30
bmxp342000_firmware	lt	3.30
bmxp3420102_firmware	lt	3.30
bmxp3420102cl_firmware	lt	3.30
bmxp342020_firmware	lt	3.30
bmxp3420302_firmware	lt	3.30