Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-7533 (GCVE-0-2020-7533)
Vulnerability from cvelistv5 – Published: 2020-12-01 14:47 – Updated: 2025-06-10 08:02
VLAI?
EPSS
Summary
CWE-287: Improper Authentication vulnerability exists which could cause the execution of
commands on the webserver without authentication when sending specially crafted HTTP
requests.
Severity ?
No CVSS data available.
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) |
Affected:
Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nCWE-287: Improper Authentication vulnerability exists which could cause the execution of\ncommands on the webserver without authentication when sending specially crafted HTTP\nrequests.\n\n\u003c/p\u003e"
}
],
"value": "CWE-287: Improper Authentication vulnerability exists which could cause the execution of\ncommands on the webserver without authentication when sending specially crafted HTTP\nrequests."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T08:02:15.209Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf\u0026p_Doc_Ref=SEVD-2020-287-01\u0026p_enDocType=Security+and+Safety+Notice"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255: Credentials Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7533",
"datePublished": "2020-12-01T14:47:02.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2025-06-10T08:02:15.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-7533\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2020-12-01T15:15:12.190\",\"lastModified\":\"2025-06-10T08:15:21.423\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CWE-287: Improper Authentication vulnerability exists which could cause the execution of\\ncommands on the webserver without authentication when sending specially crafted HTTP\\nrequests.\"},{\"lang\":\"es\",\"value\":\"Una CWE-255: Se presenta una vulnerabilidad Administraci\u00f3n de Credenciales en el Servidor Web en Modicon M340, Modicon Quantum y ofertas ModiconPremium Legacy y sus M\u00f3dulos de Comunicaci\u00f3n (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda causar una ejecuci\u00f3n de comandos en el servidor web sin autenticaci\u00f3n cuando se env\u00eda peticiones HTTP dise\u00f1adas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.20\",\"matchCriteriaId\":\"86401BD9-9D3F-4626-A299-6AFD5A7C6A95\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"354968F7-C41B-4C21-8E47-81DC07DF0EA5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.20\",\"matchCriteriaId\":\"AC91F3A5-7032-45DD-8897-0A63FDD25550\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D150239-27E2-4CBE-A931-5107C15E362F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.20\",\"matchCriteriaId\":\"FA9F5C74-1CF8-47E8-B3AB-2F87FCD25D28\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"178D2338-E48E-493C-992F-337AACE794DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.20\",\"matchCriteriaId\":\"486E0121-1C3B-4EDC-9D76-292648A96764\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98212CF5-BCF4-4A55-B62A-484569687B4E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.20\",\"matchCriteriaId\":\"86401BD9-9D3F-4626-A299-6AFD5A7C6A95\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"354968F7-C41B-4C21-8E47-81DC07DF0EA5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.3\",\"matchCriteriaId\":\"1BCDF059-40BF-4A32-9932-A7A744E6F295\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80FC6FF2-D662-4A57-AAA6-BC04351DC779\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.5\",\"matchCriteriaId\":\"3E001828-1A7D-4C8B-95FC-046652D3EF07\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3B055-8919-4E09-9827-288F0A03DAFF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10\",\"matchCriteriaId\":\"887976CC-8244-4D86-9941-BA82BC1AB6C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF08654A-FFCB-47D3-AC82-DF7284548962\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1\",\"matchCriteriaId\":\"19D112F4-50CB-4EFE-B0EA-43A732A22283\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76B1122A-56A2-44BB-8648-C6E96D1966D9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1\",\"matchCriteriaId\":\"4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0678A50-FE23-49BD-A6CF-A7094EFDAFA1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1\",\"matchCriteriaId\":\"3CB6318A-9AEF-4C9D-9678-05208026AC8A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38F83CCC-4A66-4D47-A563-777A16028F3B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2\",\"matchCriteriaId\":\"92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18B13865-038C-4073-955A-36E6F5037C2C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4\",\"matchCriteriaId\":\"0C093ECB-B977-4346-9E0E-DC30DD762055\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A901BF2-9316-4067-9AFC-8A7CB3549F68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"4570480E-3787-4263-AB51-8AD0B62969CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.74\",\"matchCriteriaId\":\"FD80E512-2D78-4375-8DBB-D12E5F0AF484\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"876CE5BA-B45D-4FFD-8176-E26181DAC355\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.08\",\"matchCriteriaId\":\"EAA8F733-513D-458A-A1ED-849A3DE8F5FD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B688E46-6D5B-4197-BBA2-23F361E656E0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1\",\"matchCriteriaId\":\"329D4136-B86E-451A-8FF3-7722265889E1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D7304B0-EE18-454B-B3F0-5EF387285D90\"}]}]}],\"references\":[{\"url\":\"https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf\u0026p_Doc_Ref=SEVD-2020-287-01\u0026p_enDocType=Security+and+Safety+Notice\",\"source\":\"cybersecurity@se.com\"},{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2020-287-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2020-7533
Vulnerability from fkie_nvd - Published: 2020-12-01 15:15 - Updated: 2025-06-10 08:15
Severity ?
Summary
CWE-287: Improper Authentication vulnerability exists which could cause the execution of
commands on the webserver without authentication when sending specially crafted HTTP
requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC91F3A5-7032-45DD-8897-0A63FDD25550",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9F5C74-1CF8-47E8-B3AB-2F87FCD25D28",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "486E0121-1C3B-4EDC-9D76-292648A96764",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCDF059-40BF-4A32-9932-A7A744E6F295",
"versionEndExcluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E001828-1A7D-4C8B-95FC-046652D3EF07",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "887976CC-8244-4D86-9941-BA82BC1AB6C2",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D112F4-50CB-4EFE-B0EA-43A732A22283",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB6318A-9AEF-4C9D-9678-05208026AC8A",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C093ECB-B977-4346-9E0E-DC30DD762055",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4570480E-3787-4263-AB51-8AD0B62969CB",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD80E512-2D78-4375-8DBB-D12E5F0AF484",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8F733-513D-458A-A1ED-849A3DE8F5FD",
"versionEndExcluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "329D4136-B86E-451A-8FF3-7722265889E1",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CWE-287: Improper Authentication vulnerability exists which could cause the execution of\ncommands on the webserver without authentication when sending specially crafted HTTP\nrequests."
},
{
"lang": "es",
"value": "Una CWE-255: Se presenta una vulnerabilidad Administraci\u00f3n de Credenciales en el Servidor Web en Modicon M340, Modicon Quantum y ofertas ModiconPremium Legacy y sus M\u00f3dulos de Comunicaci\u00f3n (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda causar una ejecuci\u00f3n de comandos en el servidor web sin autenticaci\u00f3n cuando se env\u00eda peticiones HTTP dise\u00f1adas"
}
],
"id": "CVE-2020-7533",
"lastModified": "2025-06-10T08:15:21.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.190",
"references": [
{
"source": "cybersecurity@se.com",
"url": "https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf\u0026p_Doc_Ref=SEVD-2020-287-01\u0026p_enDocType=Security+and+Safety+Notice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CERTFR-2020-AVI-643
Vulnerability from certfr_avis - Published: 2020-10-14 - Updated: 2020-10-14
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service, un contournement de la politique de sécurité, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Acti9 Smartlink SI D et SI B 002.004.002 et versions antérieures | ||
| Schneider Electric | N/A | Acti9 PowerTag Link / Link HD 001.008.007 et versions antérieures | ||
| Schneider Electric | N/A | Modicon Momentum Ethernet MDI | ||
| Schneider Electric | N/A | IFE Gateway toutes versions | ||
| Schneider Electric | N/A | Wiser Energy IP module par Schneider Electric (EER31800) toutes versions | ||
| Schneider Electric | N/A | TeSys T LTMR08EBD Motor Controller toutes versions | ||
| Schneider Electric | N/A | Acti9 Smartlink EL B 1.2.1 et versions antérieures | ||
| Schneider Electric | N/A | Modicon Quantum Co-processors ref. 140CPU6 | ||
| Schneider Electric | N/A | Premium processors avec Ethernet COPRO intégré (TSXP574634, TSXP575634, TSXP576634) versions antérieures à 6.1 | ||
| Schneider Electric | N/A | Gateway Connector par Elko (EKO01827) toutes versions | ||
| Schneider Electric | N/A | Network Management Card 3 (NMC3) SmartSlot (modèles AP9640/AP9640J, AP9641/AP9641J) AOS 1.3.0.6 et versions antérieures | ||
| Schneider Electric | N/A | Premium communication modules TSXETY4103 versions antérieures à 6.2, TSXETY5103 versions antérieures à 6.4 | ||
| Schneider Electric | N/A | Embedded NMC1 (Battery Management System, AP9921X, Rack Automatic Transfer Switches, AP77XX, AP9320, AP9340, AP9361, NetBotz NBRK0200, NetworkAir, InRow) AOS 3.9.2 et version antérieures | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU ref. BMXP34 | ||
| Schneider Electric | N/A | ACE850 Sepam communication interface toutes versions | ||
| Schneider Electric | N/A | Embedded NMC1 (Metered/Switched Rack PDUs with embedded NMC1, AP78XX, AP79XX) AOS 3.9.2 et versions antérieures | ||
| Schneider Electric | N/A | EcoStruxure Building SmartX IP MP et IP RP Controllers toutes versions | ||
| Schneider Electric | N/A | Wiser Energy 1.5.0 et versions antérieures | ||
| Schneider Electric | N/A | Embedded NMC2 (2G Metered/Switched Rack PDUs with embedded NMC2, AP84XX, AP86XX, AP88XX, AP89XX) | ||
| Schneider Electric | N/A | EcoStruxure Machine Expert (précédemment SoMachine et SoMachine Motion) toutes versions | ||
| Schneider Electric | N/A | XUPH001 OsSense communication module toutes versions | ||
| Schneider Electric | N/A | XGCS850C201 OsiSense RFID compact smart antenna toutes versions | ||
| Schneider Electric | N/A | PowerLogic EGX300 Ethernet Gateway toutes versions | ||
| Schneider Electric | N/A | Centrale de mesure PowerLogic PM5000 series toutes versions | ||
| Schneider Electric | N/A | M340 Communication Ethernet modules BMX NOE 0100 (H) versions antérieures à 3.3, BMX NOE 0110 (H) versions antérieures à 6.5, BMX NOC 0401 versions antérieures à 2.10 | ||
| Schneider Electric | Modicon M340 | Modicon M340 Ethernet communication Modules ref. BMXNOC, BMXNOE, BMXNOR | ||
| Schneider Electric | N/A | EcoStruxure™Power Monitoring Expert versions 7.x, 8.x et 9.0 | ||
| Schneider Electric | N/A | SCADAPack 32 RTUsAll versions 2.24 et versions antérieures | ||
| Schneider Electric | N/A | ATV630/650/660/680/6A0/6B0 Altivar Process Drives 2.6IE31 et versions antérieures | ||
| Schneider Electric | N/A | ATV340E Altivar Machine Drives 3.1IE23 et versions antérieures | ||
| Schneider Electric | N/A | M340 CPUs (BMX P34x) micologiciel versions antérieures à 3.20 | ||
| Schneider Electric | N/A | EcoStruxure™Power SCADA Operation with Advanced Reporting and Dashboards Module version 9.0 | ||
| Schneider Electric | N/A | Embedded NMC2 (Battery Manager, AP9922, Rack Automatic Transfer Switches, AP44XX, NetBotz NBRK0250) AOS 6.8.8 et version antérieures | ||
| Schneider Electric | N/A | Power Manager versions 1.1, 1.2 et 1.3 | ||
| Schneider Electric | N/A | AOS 6.8.8 et versions antérieures | ||
| Schneider Electric | N/A | ATV930/950/960/980/9A0/9B0 Altivar Process Drives 3.1IE24 et versions antérieures | ||
| Schneider Electric | N/A | Acti9 Smartlink IP, Acti9 Smartlink EL B et EL D, Acti9 Smartlink SI B et SI D toutes versions | ||
| Schneider Electric | N/A | Smart-UPS et Symmetra UPS Network Management Card 1 (NMC1) SmartSlot (modèles AP9617 (fin de support Nov 2011), AP9619 (fin de support Sep 2012), AP9618 (fin de support Jan 2017), Audio/Video Network Management Enabled products (S20BLK, G50NETB2, G50NETB-20A2)) AOS 3.9.2 et versions antérieures | ||
| Schneider Electric | N/A | Modicon Quantum Ethernet communication modules ref.140NOE et 140NOC | ||
| Schneider Electric | N/A | eIFE Ethernet Interface pour disjoncteurs MasterPact MTZ drawout toutes versions | ||
| Schneider Electric | N/A | EGX150/Link150 Ethernet Gateway toutes versions | ||
| Schneider Electric | N/A | EcoStruxure™Energy Expert version 2.0 | ||
| Schneider Electric | N/A | Modicon Premium Co-processors ref. TSXP et TSXH | ||
| Schneider Electric | N/A | Quantum communication modules 140NOE771x1 versions antérieures à 7.1, 140NOC78x00 versions antérieures à 1.74, 140NOC77101 versions antérieures à 1.08 | ||
| Schneider Electric | N/A | Wiser Link 1.5.0 et versions antérieures | ||
| Schneider Electric | N/A | Modicon M241 et M251 Logic Controller micrologiciel versions antérieures à 5.0.8.4 | ||
| Schneider Electric | N/A | Modicon Premium Ethernet communication modules ref. TSXETY | ||
| Schneider Electric | N/A | Andover Continuum controller (NetController 1 (NC1) = modèle CX9900, NetController 2 (NC2) = modèle CX9680, ACX2 = modèles ACX5720 et ACX5740, séries CX9200, séries CX9400, CX9924, CX9702, séries BCX4040, séries BCX9640) toutes versions | ||
| Schneider Electric | N/A | IFE Ethernet Interface pour ComPact, PowerPact, et disjoncteurs MasterPact toutes versions | ||
| Schneider Electric | N/A | Acti9 PowerTag Link C et Link HD toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Machine SCADA Expert toutes versions | ||
| Schneider Electric | N/A | Wiser Energy IP module par Clipsal (EER72600) toutes versions | ||
| Schneider Electric | N/A | Quantum processors avec Ethernet COPRO intégré 140CPU65xxxxx versions antérieures à 6.1 | ||
| Schneider Electric | N/A | ZBRCETH Modbus TCP communication module for ZBRN1 Harmony Hub 02.03 et versions antérieures | ||
| Schneider Electric | N/A | ATV6000 Medium Voltage AltivarProcess Drives 1.1IE02 et versions antérieures | ||
| Schneider Electric | N/A | StruxureWare™ PowerSCADA Expert with Advanced Reporting and Dashboards Module versions 8.x | ||
| Schneider Electric | N/A | E+PLC400, E+PLC100 et E+PLC_Setup toutes versions | ||
| Schneider Electric | N/A | TM3BC bus coupler module EIP, SL et CANOpen toutes versions | ||
| Schneider Electric | N/A | VW3A3720, VW3A3721 Altivar ProcessCommunication Modules 1.15IE18 et versions antérieures |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acti9 Smartlink SI D et SI B 002.004.002 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Acti9 PowerTag Link / Link HD 001.008.007 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Momentum Ethernet MDI",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IFE Gateway toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser Energy IP module par Schneider Electric (EER31800) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TeSys T LTMR08EBD Motor Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Acti9 Smartlink EL B 1.2.1 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum Co-processors ref. 140CPU6",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Premium processors avec Ethernet COPRO int\u00e9gr\u00e9 (TSXP574634, TSXP575634, TSXP576634) versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Gateway Connector par Elko (EKO01827) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 3 (NMC3) SmartSlot (mod\u00e8les AP9640/AP9640J, AP9641/AP9641J) AOS 1.3.0.6 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Premium communication modules TSXETY4103 versions ant\u00e9rieures \u00e0 6.2, TSXETY5103 versions ant\u00e9rieures \u00e0 6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Embedded NMC1 (Battery Management System, AP9921X, Rack Automatic Transfer Switches, AP77XX, AP9320, AP9340, AP9361, NetBotz NBRK0200, NetworkAir, InRow) AOS 3.9.2 et version ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU ref. BMXP34",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ACE850 Sepam communication interface toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Embedded NMC1 (Metered/Switched Rack PDUs with embedded NMC1, AP78XX, AP79XX) AOS 3.9.2 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Building SmartX IP MP et IP RP Controllers toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser Energy 1.5.0 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Embedded NMC2 (2G Metered/Switched Rack PDUs with embedded NMC2, AP84XX, AP86XX, AP88XX, AP89XX)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Machine Expert (pr\u00e9c\u00e9demment SoMachine et SoMachine Motion) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "XUPH001 OsSense communication module toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "XGCS850C201 OsiSense RFID compact smart antenna toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PowerLogic EGX300 Ethernet Gateway toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Centrale de mesure PowerLogic PM5000 series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "M340 Communication Ethernet modules BMX NOE 0100 (H) versions ant\u00e9rieures \u00e0 3.3, BMX NOE 0110 (H) versions ant\u00e9rieures \u00e0 6.5, BMX NOC 0401 versions ant\u00e9rieures \u00e0 2.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 Ethernet communication Modules ref. BMXNOC, BMXNOE, BMXNOR",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122Power Monitoring Expert versions 7.x, 8.x et 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCADAPack 32 RTUsAll versions 2.24 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ATV630/650/660/680/6A0/6B0 Altivar Process Drives 2.6IE31 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ATV340E Altivar Machine Drives 3.1IE23 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "M340 CPUs (BMX P34x) micologiciel versions ant\u00e9rieures \u00e0 3.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122Power SCADA Operation with Advanced Reporting and Dashboards Module version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Embedded NMC2 (Battery Manager, AP9922, Rack Automatic Transfer Switches, AP44XX, NetBotz NBRK0250) AOS 6.8.8 et version ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Power Manager versions 1.1, 1.2 et 1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "AOS 6.8.8 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ATV930/950/960/980/9A0/9B0 Altivar Process Drives 3.1IE24 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Acti9 Smartlink IP, Acti9 Smartlink EL B et EL D, Acti9 Smartlink SI B et SI D toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Smart-UPS et Symmetra UPS Network Management Card 1 (NMC1) SmartSlot (mod\u00e8les AP9617 (fin de support Nov 2011), AP9619 (fin de support Sep 2012), AP9618 (fin de support Jan 2017), Audio/Video Network Management Enabled products (S20BLK, G50NETB2, G50NETB-20A2)) AOS 3.9.2 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Quantum Ethernet communication modules ref.140NOE et 140NOC",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "eIFE Ethernet Interface pour disjoncteurs MasterPact MTZ drawout toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EGX150/Link150 Ethernet Gateway toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122Energy Expert version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium Co-processors ref. TSXP et TSXH",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Quantum communication modules 140NOE771x1 versions ant\u00e9rieures \u00e0 7.1, 140NOC78x00 versions ant\u00e9rieures \u00e0 1.74, 140NOC77101 versions ant\u00e9rieures \u00e0 1.08",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser Link 1.5.0 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M241 et M251 Logic Controller micrologiciel versions ant\u00e9rieures \u00e0 5.0.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium Ethernet communication modules ref. TSXETY",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Andover Continuum controller (NetController 1 (NC1) = mod\u00e8le CX9900, NetController 2 (NC2) = mod\u00e8le CX9680, ACX2 = mod\u00e8les ACX5720 et ACX5740, s\u00e9ries CX9200, s\u00e9ries CX9400, CX9924, CX9702, s\u00e9ries BCX4040, s\u00e9ries BCX9640) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IFE Ethernet Interface pour ComPact, PowerPact, et disjoncteurs MasterPact toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Acti9 PowerTag Link C et Link HD toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Machine SCADA Expert toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Wiser Energy IP module par Clipsal (EER72600) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Quantum processors avec Ethernet COPRO int\u00e9gr\u00e9 140CPU65xxxxx versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ZBRCETH Modbus TCP communication module for ZBRN1 Harmony Hub 02.03 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "ATV6000 Medium Voltage AltivarProcess Drives 1.1IE02 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "StruxureWare\u2122 PowerSCADA Expert with Advanced Reporting and Dashboards Module versions 8.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "E+PLC400, E+PLC100 et E+PLC_Setup toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TM3BC bus coupler module EIP, SL et CANOpen toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "VW3A3720, VW3A3721 Altivar ProcessCommunication Modules 1.15IE18 et versions ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7547"
},
{
"name": "CVE-2020-14515",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14515"
},
{
"name": "CVE-2020-14513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14513"
},
{
"name": "CVE-2020-7548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7548"
},
{
"name": "CVE-2020-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7545"
},
{
"name": "CVE-2017-6028",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6028"
},
{
"name": "CVE-2020-14517",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14517"
},
{
"name": "CVE-2020-14519",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14519"
},
{
"name": "CVE-2020-7546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7546"
},
{
"name": "CVE-2020-14509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14509"
},
{
"name": "CVE-2020-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16233"
},
{
"name": "CVE-2020-7533",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7533"
},
{
"name": "CVE-2020-11898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11898"
},
{
"name": "CVE-2020-11896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
}
],
"initial_release_date": "2020-10-14T00:00:00",
"last_revision_date": "2020-10-14T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-643",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service, un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-287-02 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-02/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2017-075-03 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2017-075-03/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-287-03 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-03/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-287-04 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-04/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-287-01 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2020-175-01 du 10 octobre 2020",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-175-01/"
}
]
}
CVE-2020-7533
Vulnerability from csaf_se - Published: 2020-10-13 00:00 - Updated: 2025-06-10 04:00Summary
Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules
Notes
General Security Recommendations
We strongly recommend the following industry cybersecurity best practices.
https://www.se.com/us/en/download/document/7EN52-0390/
* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.
* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.
* Place all controllers in locked cabinets and never leave them in the “Program” mode.
* Never connect programming software to any network other than the network intended for that device.
* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.
* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.
* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.
For more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document.
For More Information
This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.
For further information related to cybersecurity in Schneider Electric’s products, visit the company’s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp
LEGAL DISCLAIMER
THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION
About Schneider Electric
At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment.
We provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries.
We are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values.
www.se.com
Overview
Schneider Electric is aware of a vulnerability in the web server of the Modicon M340, Modicon
Quantum and Modicon Premium Legacy offers and their communication modules.
The Modicon Ethernet Programmable Automation products are controllers for industrial process
and infrastructure.
Failure to apply the remediations provided below may risk execution of commands on the
webserver by an authenticated attacker, which could result in loss of availability, confidentiality
and integrity on the controller.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "We strongly recommend the following industry cybersecurity best practices.\n\nhttps://www.se.com/us/en/download/document/7EN52-0390/\n* Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network.\n* Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks.\n* Place all controllers in locked cabinets and never leave them in the \u201cProgram\u201d mode.\n* Never connect programming software to any network other than the network intended for that device.\n* Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks.\n* Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation.\n* Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet.\n* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.\nFor more information refer to the Schneider Electric Recommended Cybersecurity Best Practices document. \n",
"title": "General Security Recommendations"
},
{
"category": "general",
"text": "This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process.\nFor further information related to cybersecurity in Schneider Electric\u2019s products, visit the company\u2019s cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp",
"title": "For More Information"
},
{
"category": "legal_disclaimer",
"text": "THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS \u201cNOTIFICATION\u201d) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN \u201cAS-IS\u201d BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION",
"title": "LEGAL DISCLAIMER"
},
{
"category": "general",
"text": "At Schneider, we believe access to energy and digital is a basic human right. We empower all to do more with less, ensuring Life Is On everywhere, for everyone, at every moment.\n\nWe provide energy and automation digital solutions for efficiency and sustainability. We combine world-leading energy technologies, real-time automation, software and services into integrated solutions for Homes, Buildings, Data Centers, Infrastructure and Industries.\n\nWe are committed to unleash the infinite possibilities of an open, global, innovative community that is passionate with our Meaningful Purpose, Inclusive and Empowered values.\n\nwww.se.com ",
"title": "About Schneider Electric"
},
{
"category": "summary",
"text": "Schneider Electric is aware of a vulnerability in the web server of the Modicon M340, Modicon \r\nQuantum and Modicon Premium Legacy offers and their communication modules.\r\nThe Modicon Ethernet Programmable Automation products are controllers for industrial process \r\nand infrastructure.\r\nFailure to apply the remediations provided below may risk execution of commands on the \r\nwebserver by an authenticated attacker, which could result in loss of availability, confidentiality \r\nand integrity on the controller. ",
"title": "Overview"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cpcert@se.com",
"name": "Schneider Electric CPCERT",
"namespace": "https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp"
},
"references": [
{
"category": "self",
"summary": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules - SEVD-2020-287-01 PDF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-287-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf"
},
{
"category": "self",
"summary": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules - SEVD-2020-287-01 CSAF Version",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-287-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2020-287-01.json"
},
{
"category": "external",
"summary": "Recommended Cybersecurity Best Practices",
"url": "https://www.se.com/us/en/download/document/7EN52-0390/"
}
],
"title": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules",
"tracking": {
"current_release_date": "2025-06-10T04:00:00.000Z",
"generator": {
"date": "2025-06-05T06:54:52.522Z",
"engine": {
"name": "Schneider Electric CSAF Generator",
"version": "1.2"
}
},
"id": "SEVD-2020-287-01",
"initial_release_date": "2020-10-13T00:00:00.000Z",
"revision_history": [
{
"date": "2020-10-13T00:00:00.000Z",
"number": "1.0.0",
"summary": "Original Release"
},
{
"date": "2025-06-10T04:00:00.000Z",
"number": "1.1.0",
"summary": "CWE was updated."
}
],
"status": "final",
"version": "1.1.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.20",
"product": {
"name": "Schneider Electric M340 CPUs BMX P34x prior to firmware version 3.20",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"BMX P34x"
]
}
}
}
],
"category": "product_name",
"name": "M340 CPUs BMX P34x"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.3",
"product": {
"name": "Schneider Electric M340 Communication Ethernet modules BMX NOE 0100 (H) prior to version 3.3",
"product_id": "2",
"product_identification_helper": {
"model_numbers": [
"BMX NOE 0100 (H)"
]
}
}
}
],
"category": "product_name",
"name": "M340 Communication Ethernet modules BMX NOE 0100 (H)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.5",
"product": {
"name": "Schneider Electric M340 Communication Ethernet modules BMX NOE 0110 (H) prior to version 6.5",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"BMX NOE 0110 (H)"
]
}
}
}
],
"category": "product_name",
"name": "M340 Communication Ethernet modules BMX NOE 0110 (H)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.10",
"product": {
"name": "Schneider Electric M340 Communication Ethernet modules BMX NOC 0401 prior to version 2.10",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"BMX NOC 0401"
]
}
}
}
],
"category": "product_name",
"name": "M340 Communication Ethernet modules BMX NOC 0401"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1",
"product": {
"name": "Schneider Electric Premium processors with integrated Ethernet COPRO TSXP574634, TSXP575634, TSXP576634 prior to 6.1 version",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"TSXP574634",
"TSXP575634",
"TSXP576634"
]
}
}
}
],
"category": "product_name",
"name": "Premium processors with integrated Ethernet COPRO TSXP574634, TSXP575634, TSXP576634"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2",
"product": {
"name": "Schneider Electric Premium communication modules TSXETY4103 prior to version 6.2",
"product_id": "6",
"product_identification_helper": {
"model_numbers": [
"TSXETY4103"
]
}
}
}
],
"category": "product_name",
"name": "Premium communication modules TSXETY4103"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.4",
"product": {
"name": "Schneider Electric Premium communication modules TSXETY5103 prior to version 6.4",
"product_id": "7",
"product_identification_helper": {
"model_numbers": [
"TSXETY5103"
]
}
}
}
],
"category": "product_name",
"name": "Premium communication modules TSXETY5103"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1",
"product": {
"name": "Schneider Electric Quantum processors with integrated Ethernet COPRO 140CPU65xxxxx prior to 6.1 version",
"product_id": "8",
"product_identification_helper": {
"model_numbers": [
"140CPU65xxxxx"
]
}
}
}
],
"category": "product_name",
"name": "Quantum processors with integrated Ethernet COPRO 140CPU65xxxxx"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.1",
"product": {
"name": "Schneider Electric Quantum communication modules 140NOE771x1 prior to version 7.1",
"product_id": "9",
"product_identification_helper": {
"model_numbers": [
"140NOE771x1"
]
}
}
}
],
"category": "product_name",
"name": "Quantum communication modules 140NOE771x1"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.74",
"product": {
"name": "Schneider Electric Quantum communication modules 140NOC78x00 prior to version 1.74",
"product_id": "10",
"product_identification_helper": {
"model_numbers": [
"140NOC78x00"
]
}
}
}
],
"category": "product_name",
"name": "Quantum communication modules 140NOC78x00"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.08",
"product": {
"name": "Schneider Electric Quantum communication modules 140NOC77101 prior to version 1.08",
"product_id": "11",
"product_identification_helper": {
"model_numbers": [
"140NOC77101"
]
}
}
}
],
"category": "product_name",
"name": "Quantum communication modules 140NOC77101"
},
{
"branches": [
{
"category": "product_version",
"name": "3.20",
"product": {
"name": "Schneider Electric M340 BMXP3420302 and CL and H version 3.20",
"product_id": "12",
"product_identification_helper": {
"model_numbers": [
"BMXP3420302 and CL and H"
]
}
}
}
],
"category": "product_name",
"name": "M340 BMXP3420302 and CL and H"
},
{
"branches": [
{
"category": "product_version",
"name": "3.20",
"product": {
"name": "Schneider Electric M340 BMXP342020 and H version 3.20",
"product_id": "13",
"product_identification_helper": {
"model_numbers": [
"BMXP342020 and H"
]
}
}
}
],
"category": "product_name",
"name": "M340 BMXP342020 and H "
},
{
"branches": [
{
"category": "product_version",
"name": "3.20",
"product": {
"name": "Schneider Electric M340 BMXP342000 version 3.20",
"product_id": "14",
"product_identification_helper": {
"model_numbers": [
"BMXP342000"
]
}
}
}
],
"category": "product_name",
"name": "M340 BMXP342000"
},
{
"branches": [
{
"category": "product_version",
"name": "3.20",
"product": {
"name": "Schneider Electric M340 BMXP341000 and H version 3.20",
"product_id": "15",
"product_identification_helper": {
"model_numbers": [
"BMXP341000 and H"
]
}
}
}
],
"category": "product_name",
"name": "M340 BMXP341000 and H"
},
{
"branches": [
{
"category": "product_version",
"name": "3.20",
"product": {
"name": "Schneider Electric M340 BMXP3420102 and CL version 3.20",
"product_id": "16",
"product_identification_helper": {
"model_numbers": [
"BMXP3420102 and CL"
]
}
}
}
],
"category": "product_name",
"name": "M340 BMXP3420102 and CL"
},
{
"branches": [
{
"category": "product_version",
"name": "3.20",
"product": {
"name": "Schneider Electric M340 BMXP3420302 version 3.20",
"product_id": "17",
"product_identification_helper": {
"model_numbers": [
"BMXP3420302"
]
}
}
}
],
"category": "product_name",
"name": "M340 BMXP3420302"
},
{
"branches": [
{
"category": "product_version",
"name": "3.3",
"product": {
"name": "Schneider Electric M340 Communication Ethernet modules BMXNOE0100 and H version 3.3",
"product_id": "18",
"product_identification_helper": {
"model_numbers": [
"BMXNOE0100 and H"
]
}
}
}
],
"category": "product_name",
"name": "M340 Communication Ethernet modules BMXNOE0100 and H"
},
{
"branches": [
{
"category": "product_version",
"name": "6.5",
"product": {
"name": "Schneider Electric M340 Communication Ethernet modules BMXNOE0110 and H version 6.5",
"product_id": "19",
"product_identification_helper": {
"model_numbers": [
"BMXNOE0110 and H"
]
}
}
}
],
"category": "product_name",
"name": "M340 Communication Ethernet modules BMXNOE0110 and H"
},
{
"branches": [
{
"category": "product_version",
"name": "2.10",
"product": {
"name": "Schneider Electric M340 Communication Ethernet modules BMXNOC0401 version 2.10",
"product_id": "20",
"product_identification_helper": {
"model_numbers": [
"BMXNOC0401"
]
}
}
}
],
"category": "product_name",
"name": "M340 Communication Ethernet modules BMXNOC0401"
},
{
"branches": [
{
"category": "product_version",
"name": "6.1",
"product": {
"name": "Schneider Electric Premium Offers Premium processors with integrated Ethernet COPRO product references TSXP574634, TSXP575634, TSXP576634 version 6.1",
"product_id": "21",
"product_identification_helper": {
"model_numbers": [
"TSXP574634",
"TSXP575634",
"TSXP576634"
]
}
}
}
],
"category": "product_name",
"name": "Premium Offers Premium processors with integrated Ethernet COPRO product references TSXP574634, TSXP575634, TSXP576634"
},
{
"branches": [
{
"category": "product_version",
"name": "6.2",
"product": {
"name": "Schneider Electric Premium Offers TSXETY4103 version 6.2",
"product_id": "22",
"product_identification_helper": {
"model_numbers": [
"TSXETY4103"
]
}
}
}
],
"category": "product_name",
"name": "Premium Offers TSXETY4103"
},
{
"branches": [
{
"category": "product_version",
"name": "6.4",
"product": {
"name": "Schneider Electric Premium Offers TSXETY5103 version 6.4",
"product_id": "23",
"product_identification_helper": {
"model_numbers": [
"TSXETY5103"
]
}
}
}
],
"category": "product_name",
"name": "Premium Offers TSXETY5103"
},
{
"branches": [
{
"category": "product_version",
"name": "6.1",
"product": {
"name": "Schneider Electric Quantum Offers Quantum processors with integrated Ethernet COPRO product reference 140CPU65xxxxx version 6.1",
"product_id": "24",
"product_identification_helper": {
"model_numbers": [
"140CPU65xxxxx"
]
}
}
}
],
"category": "product_name",
"name": "Quantum Offers Quantum processors with integrated Ethernet COPRO product reference 140CPU65xxxxx"
},
{
"branches": [
{
"category": "product_version",
"name": "7.1",
"product": {
"name": "Schneider Electric Quantum Offers 140NOE771x1 version 7.1",
"product_id": "25",
"product_identification_helper": {
"model_numbers": [
"140NOE771x1"
]
}
}
}
],
"category": "product_name",
"name": "Quantum Offers 140NOE771x1"
},
{
"branches": [
{
"category": "product_version",
"name": "1.74",
"product": {
"name": "Schneider Electric Quantum Offers 140NOC78x00 version 1.74",
"product_id": "26",
"product_identification_helper": {
"model_numbers": [
"140NOC78x00"
]
}
}
}
],
"category": "product_name",
"name": "Quantum Offers 140NOC78x00"
},
{
"branches": [
{
"category": "product_version",
"name": "1.08",
"product": {
"name": "Schneider Electric Quantum Offers 140NOC77101 version 1.08",
"product_id": "27",
"product_identification_helper": {
"model_numbers": [
"140NOC77101"
]
}
}
}
],
"category": "product_name",
"name": "Quantum Offers 140NOC77101"
}
],
"category": "vendor",
"name": "Schneider Electric"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Yang Dong"
],
"organization": "DingXiang Dongjian Security Lab"
}
],
"cve": "CVE-2020-7533",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "description",
"text": "CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.",
"title": "CVE Description"
},
{
"category": "summary",
"text": "Customers should use appropriate patching methodologies when applying these patches to \ntheir systems. We strongly recommend the use of back-ups and evaluating the impact of these \npatches in a Test and Development environment or on an offline infrastructure. Contact\nSchneider Electric\u2019s Customer Care Center if you need assistance removing a patch."
}
],
"product_status": {
"fixed": [
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "https://www.se.com/en/download/document/BMXP3420302_Firmwares/",
"product_ids": [
"1"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/en/download/document/BMXP3420302_Firmwares/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/en/download/document/BMXP342020_Firmwares/",
"product_ids": [
"1"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/en/download/document/BMXP342020_Firmwares/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/en/download/document/BMXP342000_Firmwares/",
"product_ids": [
"1"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/en/download/document/BMXP342000_Firmwares/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/en/download/document/BMXP341000_Firmwares/",
"product_ids": [
"1"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/en/download/document/BMXP341000_Firmwares/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/en/download/document/BMXP3420102_Firmwares/",
"product_ids": [
"1"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/en/download/document/BMXP3420102_Firmwares/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/en/download/document/BMXP3420302_Firmwares",
"product_ids": [
"1"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/en/download/document/BMXP3420302_Firmwares"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/BMXNOE0100%20Exec%20and%20Release%20Notes/",
"product_ids": [
"2"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/BMXNOE0100%20Exec%20and%20Release%20Notes/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/BMXNOE0110%20Exec%20and%20Release%20Notes/",
"product_ids": [
"3"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/BMXNOE0110%20Exec%20and%20Release%20Notes/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/BMXNOC0401%20Exec%20and%20Release%20Notes/",
"product_ids": [
"4"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/BMXNOC0401%20Exec%20and%20Release%20Notes/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/TSXP574634M%20Premium%20Copro%20Exec%20and%20Release%20Notes/",
"product_ids": [
"5"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/TSXP574634M%20Premium%20Copro%20Exec%20and%20Release%20Notes/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/TSXETY4103%20Exec%20and%20Release%20Notes/",
"product_ids": [
"6"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/TSXETY4103%20Exec%20and%20Release%20Notes/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/TSXETY5103%20Exec/",
"product_ids": [
"7"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/TSXETY5103%20Exec/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/140CPU65260%20Quantum%20Copro%20Exec%20and%20Release%20Notes/",
"product_ids": [
"8"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/140CPU65260%20Quantum%20Copro%20Exec%20and%20Release%20Notes/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/140NOE77111%20Exec%20and%20Release%20Notes%20For%20Unity%20and%20Non%20Unity%20Users/",
"product_ids": [
"9"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/140NOE77111%20Exec%20and%20Release%20Notes%20For%20Unity%20and%20Non%20Unity%20Users/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/140NOC78000%20Exec%20and%20Release%20Notes/",
"product_ids": [
"10"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/140NOC78000%20Exec%20and%20Release%20Notes/"
},
{
"category": "vendor_fix",
"details": "https://www.se.com/ww/en/download/document/140NOC77101%20Exec%20and%20Release%20Notes/",
"product_ids": [
"11"
],
"restart_required": {
"category": "none"
},
"url": "https://www.se.com/ww/en/download/document/140NOC77101%20Exec%20and%20Release%20Notes/"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2020-7533"
}
]
}
GHSA-4WM4-5VMP-66G7
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2025-06-10 09:30
VLAI?
Details
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2020-7533"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-01T15:15:00Z",
"severity": "CRITICAL"
},
"details": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.",
"id": "GHSA-4wm4-5vmp-66g7",
"modified": "2025-06-10T09:30:30Z",
"published": "2022-05-24T17:35:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7533"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf\u0026p_Doc_Ref=SEVD-2020-287-01\u0026p_enDocType=Security+and+Safety+Notice"
},
{
"type": "WEB",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-7533
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-7533",
"description": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.",
"id": "GSD-2020-7533"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-7533"
],
"details": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.",
"id": "GSD-2020-7533",
"modified": "2023-12-13T01:21:51.525031Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)",
"version": {
"version_data": [
{
"version_value": "Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255: Credentials Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC91F3A5-7032-45DD-8897-0A63FDD25550",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9F5C74-1CF8-47E8-B3AB-2F87FCD25D28",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "486E0121-1C3B-4EDC-9D76-292648A96764",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95",
"versionEndExcluding": "3.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCDF059-40BF-4A32-9932-A7A744E6F295",
"versionEndExcluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E001828-1A7D-4C8B-95FC-046652D3EF07",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "887976CC-8244-4D86-9941-BA82BC1AB6C2",
"versionEndExcluding": "2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D112F4-50CB-4EFE-B0EA-43A732A22283",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB6318A-9AEF-4C9D-9678-05208026AC8A",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C093ECB-B977-4346-9E0E-DC30DD762055",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4570480E-3787-4263-AB51-8AD0B62969CB",
"versionEndExcluding": "7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD80E512-2D78-4375-8DBB-D12E5F0AF484",
"versionEndExcluding": "1.74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA8F733-513D-458A-A1ED-849A3DE8F5FD",
"versionEndExcluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "329D4136-B86E-451A-8FF3-7722265889E1",
"versionEndExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests."
},
{
"lang": "es",
"value": "Una CWE-255: Se presenta una vulnerabilidad Administraci\u00f3n de Credenciales en el Servidor Web en Modicon M340, Modicon Quantum y ofertas ModiconPremium Legacy y sus M\u00f3dulos de Comunicaci\u00f3n (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda causar una ejecuci\u00f3n de comandos en el servidor web sin autenticaci\u00f3n cuando se env\u00eda peticiones HTTP dise\u00f1adas"
}
],
"id": "CVE-2020-7533",
"lastModified": "2024-04-10T12:28:45.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-01T15:15:12.190",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…