CVE-2020-7541

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2020-343-03/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*

History

10 Apr 2024, 12:28

Type	Values Removed	Values Added
CPE	cpe:2.3:h:schneider-electric:bmxp342020:-:::::::* cpe:2.3:o:schneider-electric:bmxp342000_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp3420102_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp341000_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp3420102cl_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp3420102:-:::::::* cpe:2.3:h:schneider-electric:bmxp341000:-:::::::* cpe:2.3:o:schneider-electric:bmxp3420302_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp342000:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420302cl:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420102cl:-:::::::* cpe:2.3:o:schneider-electric:bmxp3420302cl_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp3420302:-:::::::* cpe:2.3:o:schneider-electric:bmxp342020_firmware::::::::	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware::::::::
First Time		Schneider-electric modicon M340 Bmxp341000 Schneider-electric modicon M340 Bmxp3420102 Firmware Schneider-electric modicon M340 Bmxp3420302cl Firmware Schneider-electric modicon M340 Bmxp3420302 Schneider-electric modicon M340 Bmxp342000 Schneider-electric modicon M340 Bmxp3420302 Firmware Schneider-electric modicon M340 Bmxp341000 Firmware Schneider-electric modicon M340 Bmxp3420302cl Schneider-electric modicon M340 Bmxp3420102cl Schneider-electric modicon M340 Bmxp3420102 Schneider-electric modicon M340 Bmxp342020 Firmware Schneider-electric modicon M340 Bmxp342000 Firmware Schneider-electric modicon M340 Bmxp3420102cl Firmware Schneider-electric modicon M340 Bmxp342020

Information

Published : 2020-12-11 01:15

Updated : 2024-04-10 12:28

NVD link : CVE-2020-7541

Mitre link : CVE-2020-7541

CVE.ORG link : CVE-2020-7541

JSON object : View

Products Affected

schneider-electric

modicon_m340_bmxp3420302_firmware
tsxp574634_firmware
bmxnoc0401_firmware
140noc78000
140noc78100
modicon_m340_bmxp341000
tsxp574634
modicon_m340_bmxp3420302cl_firmware
bmxnoe0110_firmware
modicon_m340_bmxp341000_firmware
modicon_m340_bmxp342000_firmware
modicon_m340_bmxp3420102
modicon_m340_bmxp3420302
140noe77111_firmware
modicon_m340_bmxp342000
modicon_m340_bmxp3420102cl_firmware
tsxety5103_firmware
tsxety4103
tsxp575634
140noc78100_firmware
tsxp576634_firmware
modicon_m340_bmxp3420102cl
tsxety4103_firmware
bmxnoe0100
140noe77111
tsxety5103
140noc78000_firmware
bmxnoc0401
140cpu65150_firmware
modicon_m340_bmxp3420102_firmware
tsxp575634_firmware
tsxp576634
140noc77101_firmware
140cpu65150
modicon_m340_bmxp3420302cl
140noc77101
bmxnoe0110
modicon_m340_bmxp342020
modicon_m340_bmxp342020_firmware
bmxnoe0100_firmware

CWE

CWE-425

Direct Request ('Forced Browsing')

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-7541

5.3^/10

5.0^/10

Attach tags to `CVE-2020-7541`