Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for 171ccc96030c_firmware by schneider-electric

    CVE-2014-0754 (GCVE-0-2014-0754)

    Vulnerability from nvd – Published: 2014-10-03 18:00 – Updated: 2025-08-25 23:45
    VLAI
    Title
    Schneider Electric
    Summary
    Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric Ethernet modules for M340, Quantum and Premium PLC ranges Affected: 140CPU65150
    Affected: 140CPU65160
    Affected: 140CPU65260
    Affected: 140NOC77100
    Affected: 140NOC78000
    Affected: 140NOC78100
    Affected: 140NOE77100
    Affected: 140NOE77101
    Affected: 140NOE77101C
    Affected: 140NOE77110
    Affected: 140NOE77111
    Affected: 140NOE77111C
    Affected: 140NWM10000
    Affected: 170ENT11001
    Affected: 170ENT11002
    Affected: 170ENT11002C
    Affected: 171CCC96020
    Affected: 171CCC96020C
    Affected: 171CCC96030
    Affected: 171CCC96030C
    Affected: 171CCC98020
    Affected: 171CCC98030
    Affected: BMXNOC0401
    Affected: BMXNOC0402
    Affected: BMXNOE0100
    Affected: BMXNOE0110
    Affected: BMXNOE0110H
    Affected: BMXNOR0200H
    Affected: BMXP342020
    Affected: BMXP342020H
    Affected: BMXP342030
    Affected: BMXP3420302
    Affected: BMXP3420302H
    Affected: BMXP342030H
    Affected: BMXPRMxxxx
    Affected: STBNIC2212
    Affected: STBNIP2212
    Affected: TSXETC0101
    Affected: TSXETC100
    Affected: TSXETY110WS
    Affected: TSXETY110WSC
    Affected: TSXETY4103
    Affected: TSXETY4103C
    Affected: TSXETY5103
    Affected: TSXETY5103C
    Affected: TSXETZ410
    Affected: TSXETZ510
    Affected: TSXNTP100
    Affected: TSXP572623M
    Affected: TSXP572623MC
    Affected: TSXP572823M
    Affected: TSXP572823MC
    Affected: TSXP573623AM
    Affected: TSXP573623M
    Affected: TSXP573623MC
    Affected: TSXP574634M
    Affected: TSXP574823AM
    Affected: TSXP574823M
    Affected: TSXP574823MC
    Affected: TSXP575634M
    Affected: TSXP576634M
    Affected: TSXWMY100
    Affected: TSXWMY100C
    Affected: TSXP571634M
    Affected: TSXP572634M
    Affected: TSXP573634M
    Create a notification for this product.
    Date Public
    2014-09-30 06:00
    Credits
    Billy Rios
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:19.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70193"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet modules for M340, Quantum and Premium PLC ranges",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "140CPU65150"
                },
                {
                  "status": "affected",
                  "version": "140CPU65160"
                },
                {
                  "status": "affected",
                  "version": "140CPU65260"
                },
                {
                  "status": "affected",
                  "version": "140NOC77100"
                },
                {
                  "status": "affected",
                  "version": "140NOC78000"
                },
                {
                  "status": "affected",
                  "version": "140NOC78100"
                },
                {
                  "status": "affected",
                  "version": "140NOE77100"
                },
                {
                  "status": "affected",
                  "version": "140NOE77101"
                },
                {
                  "status": "affected",
                  "version": "140NOE77101C"
                },
                {
                  "status": "affected",
                  "version": "140NOE77110"
                },
                {
                  "status": "affected",
                  "version": "140NOE77111"
                },
                {
                  "status": "affected",
                  "version": "140NOE77111C"
                },
                {
                  "status": "affected",
                  "version": "140NWM10000"
                },
                {
                  "status": "affected",
                  "version": "170ENT11001"
                },
                {
                  "status": "affected",
                  "version": "170ENT11002"
                },
                {
                  "status": "affected",
                  "version": "170ENT11002C"
                },
                {
                  "status": "affected",
                  "version": "171CCC96020"
                },
                {
                  "status": "affected",
                  "version": "171CCC96020C"
                },
                {
                  "status": "affected",
                  "version": "171CCC96030"
                },
                {
                  "status": "affected",
                  "version": "171CCC96030C"
                },
                {
                  "status": "affected",
                  "version": "171CCC98020"
                },
                {
                  "status": "affected",
                  "version": "171CCC98030"
                },
                {
                  "status": "affected",
                  "version": "BMXNOC0401"
                },
                {
                  "status": "affected",
                  "version": "BMXNOC0402"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0100"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0110"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0110H"
                },
                {
                  "status": "affected",
                  "version": "BMXNOR0200H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342020"
                },
                {
                  "status": "affected",
                  "version": "BMXP342020H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342030"
                },
                {
                  "status": "affected",
                  "version": "BMXP3420302"
                },
                {
                  "status": "affected",
                  "version": "BMXP3420302H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342030H"
                },
                {
                  "status": "affected",
                  "version": "BMXPRMxxxx"
                },
                {
                  "status": "affected",
                  "version": "STBNIC2212"
                },
                {
                  "status": "affected",
                  "version": "STBNIP2212"
                },
                {
                  "status": "affected",
                  "version": "TSXETC0101"
                },
                {
                  "status": "affected",
                  "version": "TSXETC100"
                },
                {
                  "status": "affected",
                  "version": "TSXETY110WS"
                },
                {
                  "status": "affected",
                  "version": "TSXETY110WSC"
                },
                {
                  "status": "affected",
                  "version": "TSXETY4103"
                },
                {
                  "status": "affected",
                  "version": "TSXETY4103C"
                },
                {
                  "status": "affected",
                  "version": "TSXETY5103"
                },
                {
                  "status": "affected",
                  "version": "TSXETY5103C"
                },
                {
                  "status": "affected",
                  "version": "TSXETZ410"
                },
                {
                  "status": "affected",
                  "version": "TSXETZ510"
                },
                {
                  "status": "affected",
                  "version": "TSXNTP100"
                },
                {
                  "status": "affected",
                  "version": "TSXP572623M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572623MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP572823M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572823MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623AM"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623M"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP574634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823AM"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823M"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP575634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP576634M"
                },
                {
                  "status": "affected",
                  "version": "TSXWMY100"
                },
                {
                  "status": "affected",
                  "version": "TSXWMY100C"
                },
                {
                  "status": "affected",
                  "version": "TSXP571634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP573634M"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Billy Rios"
            }
          ],
          "datePublic": "2014-09-30T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDirectory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.\u003c/p\u003e"
                }
              ],
              "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-25T23:45:03.684Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "70193",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70193"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
            },
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\u003c/a\u003e. for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\u003c/p\u003e\u003cp\u003eThis vulnerability disclosure can be downloaded at the following URL:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/\"\u003ehttp://www.schneider-electric.com/ww/en/download/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Please see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01 . for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\n\nThis vulnerability disclosure can be downloaded at the following URL:\u00a0 http://www.schneider-electric.com/ww/en/download/"
            }
          ],
          "source": {
            "advisory": "ICSA-14-273-01",
            "discovery": "EXTERNAL"
          },
          "title": "Schneider Electric",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSearch downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\u003c/p\u003e\n\u003cp\u003eSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\u003c/li\u003e\n\u003cli\u003eDisable Port 80 (HTTP) on modules where it is possible.\u003c/li\u003e\n\u003cli\u003eBlock Port 80 in firewalls to these devices, except for trusted devices.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease contact Schneider Electric Customer Care Center for more information.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Search downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\n\n\nSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\n\n\n\n  *  Use a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\n\n  *  Disable Port 80 (HTTP) on modules where it is possible.\n\n  *  Block Port 80 in firewalls to these devices, except for trusted devices.\n\n\n\n\nPlease contact Schneider Electric Customer Care Center for more information."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-0754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70193",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70193"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
                },
                {
                  "name": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-0754",
        "datePublished": "2014-10-03T18:00:00.000Z",
        "dateReserved": "2014-01-02T00:00:00.000Z",
        "dateUpdated": "2025-08-25T23:45:03.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0754 (GCVE-0-2014-0754)

    Vulnerability from cvelistv5 – Published: 2014-10-03 18:00 – Updated: 2025-08-25 23:45
    VLAI
    Title
    Schneider Electric
    Summary
    Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Schneider Electric Ethernet modules for M340, Quantum and Premium PLC ranges Affected: 140CPU65150
    Affected: 140CPU65160
    Affected: 140CPU65260
    Affected: 140NOC77100
    Affected: 140NOC78000
    Affected: 140NOC78100
    Affected: 140NOE77100
    Affected: 140NOE77101
    Affected: 140NOE77101C
    Affected: 140NOE77110
    Affected: 140NOE77111
    Affected: 140NOE77111C
    Affected: 140NWM10000
    Affected: 170ENT11001
    Affected: 170ENT11002
    Affected: 170ENT11002C
    Affected: 171CCC96020
    Affected: 171CCC96020C
    Affected: 171CCC96030
    Affected: 171CCC96030C
    Affected: 171CCC98020
    Affected: 171CCC98030
    Affected: BMXNOC0401
    Affected: BMXNOC0402
    Affected: BMXNOE0100
    Affected: BMXNOE0110
    Affected: BMXNOE0110H
    Affected: BMXNOR0200H
    Affected: BMXP342020
    Affected: BMXP342020H
    Affected: BMXP342030
    Affected: BMXP3420302
    Affected: BMXP3420302H
    Affected: BMXP342030H
    Affected: BMXPRMxxxx
    Affected: STBNIC2212
    Affected: STBNIP2212
    Affected: TSXETC0101
    Affected: TSXETC100
    Affected: TSXETY110WS
    Affected: TSXETY110WSC
    Affected: TSXETY4103
    Affected: TSXETY4103C
    Affected: TSXETY5103
    Affected: TSXETY5103C
    Affected: TSXETZ410
    Affected: TSXETZ510
    Affected: TSXNTP100
    Affected: TSXP572623M
    Affected: TSXP572623MC
    Affected: TSXP572823M
    Affected: TSXP572823MC
    Affected: TSXP573623AM
    Affected: TSXP573623M
    Affected: TSXP573623MC
    Affected: TSXP574634M
    Affected: TSXP574823AM
    Affected: TSXP574823M
    Affected: TSXP574823MC
    Affected: TSXP575634M
    Affected: TSXP576634M
    Affected: TSXWMY100
    Affected: TSXWMY100C
    Affected: TSXP571634M
    Affected: TSXP572634M
    Affected: TSXP573634M
    Create a notification for this product.
    Date Public
    2014-09-30 06:00
    Credits
    Billy Rios
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:27:19.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70193",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70193"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Ethernet modules for M340, Quantum and Premium PLC ranges",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "140CPU65150"
                },
                {
                  "status": "affected",
                  "version": "140CPU65160"
                },
                {
                  "status": "affected",
                  "version": "140CPU65260"
                },
                {
                  "status": "affected",
                  "version": "140NOC77100"
                },
                {
                  "status": "affected",
                  "version": "140NOC78000"
                },
                {
                  "status": "affected",
                  "version": "140NOC78100"
                },
                {
                  "status": "affected",
                  "version": "140NOE77100"
                },
                {
                  "status": "affected",
                  "version": "140NOE77101"
                },
                {
                  "status": "affected",
                  "version": "140NOE77101C"
                },
                {
                  "status": "affected",
                  "version": "140NOE77110"
                },
                {
                  "status": "affected",
                  "version": "140NOE77111"
                },
                {
                  "status": "affected",
                  "version": "140NOE77111C"
                },
                {
                  "status": "affected",
                  "version": "140NWM10000"
                },
                {
                  "status": "affected",
                  "version": "170ENT11001"
                },
                {
                  "status": "affected",
                  "version": "170ENT11002"
                },
                {
                  "status": "affected",
                  "version": "170ENT11002C"
                },
                {
                  "status": "affected",
                  "version": "171CCC96020"
                },
                {
                  "status": "affected",
                  "version": "171CCC96020C"
                },
                {
                  "status": "affected",
                  "version": "171CCC96030"
                },
                {
                  "status": "affected",
                  "version": "171CCC96030C"
                },
                {
                  "status": "affected",
                  "version": "171CCC98020"
                },
                {
                  "status": "affected",
                  "version": "171CCC98030"
                },
                {
                  "status": "affected",
                  "version": "BMXNOC0401"
                },
                {
                  "status": "affected",
                  "version": "BMXNOC0402"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0100"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0110"
                },
                {
                  "status": "affected",
                  "version": "BMXNOE0110H"
                },
                {
                  "status": "affected",
                  "version": "BMXNOR0200H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342020"
                },
                {
                  "status": "affected",
                  "version": "BMXP342020H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342030"
                },
                {
                  "status": "affected",
                  "version": "BMXP3420302"
                },
                {
                  "status": "affected",
                  "version": "BMXP3420302H"
                },
                {
                  "status": "affected",
                  "version": "BMXP342030H"
                },
                {
                  "status": "affected",
                  "version": "BMXPRMxxxx"
                },
                {
                  "status": "affected",
                  "version": "STBNIC2212"
                },
                {
                  "status": "affected",
                  "version": "STBNIP2212"
                },
                {
                  "status": "affected",
                  "version": "TSXETC0101"
                },
                {
                  "status": "affected",
                  "version": "TSXETC100"
                },
                {
                  "status": "affected",
                  "version": "TSXETY110WS"
                },
                {
                  "status": "affected",
                  "version": "TSXETY110WSC"
                },
                {
                  "status": "affected",
                  "version": "TSXETY4103"
                },
                {
                  "status": "affected",
                  "version": "TSXETY4103C"
                },
                {
                  "status": "affected",
                  "version": "TSXETY5103"
                },
                {
                  "status": "affected",
                  "version": "TSXETY5103C"
                },
                {
                  "status": "affected",
                  "version": "TSXETZ410"
                },
                {
                  "status": "affected",
                  "version": "TSXETZ510"
                },
                {
                  "status": "affected",
                  "version": "TSXNTP100"
                },
                {
                  "status": "affected",
                  "version": "TSXP572623M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572623MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP572823M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572823MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623AM"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623M"
                },
                {
                  "status": "affected",
                  "version": "TSXP573623MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP574634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823AM"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823M"
                },
                {
                  "status": "affected",
                  "version": "TSXP574823MC"
                },
                {
                  "status": "affected",
                  "version": "TSXP575634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP576634M"
                },
                {
                  "status": "affected",
                  "version": "TSXWMY100"
                },
                {
                  "status": "affected",
                  "version": "TSXWMY100C"
                },
                {
                  "status": "affected",
                  "version": "TSXP571634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP572634M"
                },
                {
                  "status": "affected",
                  "version": "TSXP573634M"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Billy Rios"
            }
          ],
          "datePublic": "2014-09-30T06:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDirectory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.\u003c/p\u003e"
                }
              ],
              "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
            }
          ],
          "metrics": [
            {
              "cvssV2_0": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-25T23:45:03.684Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "70193",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70193"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-273-01"
            },
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003ePlease see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\"\u003ehttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01\u003c/a\u003e. for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\u003c/p\u003e\u003cp\u003eThis vulnerability disclosure can be downloaded at the following URL:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.schneider-electric.com/ww/en/download/\"\u003ehttp://www.schneider-electric.com/ww/en/download/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Please see Schneider Electric\u2019s vulnerability disclosure \n(SEVD-2014-260-01)Schneider Electric Vulnerability Disclosure \u2013 Modicon \nEthernet Comm Modules - SEVD-2014-260-01 - \n http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2014-260-01 . for more detailed \ninformation on which product part numbers are affected, as well as the \ncomplete list of which devices have released firmware updates available.\n\nThis vulnerability disclosure can be downloaded at the following URL:\u00a0 http://www.schneider-electric.com/ww/en/download/"
            }
          ],
          "source": {
            "advisory": "ICSA-14-273-01",
            "discovery": "EXTERNAL"
          },
          "title": "Schneider Electric",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSearch downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\u003c/p\u003e\n\u003cp\u003eSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\u003c/li\u003e\n\u003cli\u003eDisable Port 80 (HTTP) on modules where it is possible.\u003c/li\u003e\n\u003cli\u003eBlock Port 80 in firewalls to these devices, except for trusted devices.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease contact Schneider Electric Customer Care Center for more information.\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Search downloads for SEVD-14-260-01, then keyword SEVD-14-260-01 to \ndownload the vulnerability disclosure. This URL site can also be used to\n download firmware updates identified in the vulnerability disclosure.\n\n\nSchneider Electric also recommends the following measures to mitigate the vulnerability for the remaining affected devices:\n\n\n\n  *  Use a deep packet inspection firewall to prevent HTTP requests to the product that contains traversals in the URL.\n\n  *  Disable Port 80 (HTTP) on modules where it is possible.\n\n  *  Block Port 80 in firewalls to these devices, except for trusted devices.\n\n\n\n\nPlease contact Schneider Electric Customer Care Center for more information."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2014-0754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70193",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70193"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01"
                },
                {
                  "name": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01\u0026p_EnDocType=Software%20-%20Updates\u0026p_File_Id=608959359\u0026p_File_Name=SEVD-2014-260-01.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2014-0754",
        "datePublished": "2014-10-03T18:00:00.000Z",
        "dateReserved": "2014-01-02T00:00:00.000Z",
        "dateUpdated": "2025-08-25T23:45:03.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }