{"containers": {"cna": {"affected": [{"product": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"}]}], "descriptions": [{"lang": "en", "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-11T00:52:03", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2020-7540", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)", "version": {"version_data": [{"version_value": "Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306: Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/", "refsource": "CONFIRM", "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.892Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2020-7540", "datePublished": "2020-12-11T00:52:03", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.892Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C440362A-7E0E-497C-B275-409E9B57D8A2", "versionEndExcluding": "3.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6ACCC66-4075-4EE9-A6BA-01EF7529C568", "versionEndExcluding": "3.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD031F4E-9F3C-4035-AFB8-B7442F1B2475", "versionEndExcluding": "3.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*", "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C1D1498-1069-4080-8EB4-3BA6C0DC2CEA", "versionEndExcluding": "3.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "D30336F0-EDCF-486C-B52E-D0C53BCDFC65", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5481772-5E18-4985-A5E5-F7223B52A90B", "versionEndExcluding": "3.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A83CF92-F35F-416F-B571-CA5600BF671F", "versionEndExcluding": "3.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E506AD9-C302-4D41-B971-46DE19AF83FB", "versionEndExcluding": "3.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "32091F91-9397-4506-8801-C68B9E8B60F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BCDF059-40BF-4A32-9932-A7A744E6F295", "versionEndExcluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*", "matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E001828-1A7D-4C8B-95FC-046652D3EF07", "versionEndExcluding": "6.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*", "matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noe77101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F72DC31C-3FF4-416C-BCD7-5F78EE066907", "versionEndExcluding": "7.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noe77101:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBA60BB0-1725-45E7-9191-0D300EB05082", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4570480E-3787-4263-AB51-8AD0B62969CB", "versionEndExcluding": "7.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F419FC54-72D9-488F-9B0F-C12CEA213089", "versionEndExcluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC3E5496-C3D0-4DF4-A9AF-F227F889840E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF7A5C7B-9DBA-47CB-B7D4-70184AEBC684", "versionEndExcluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2C2AF70-F0BB-4D17-901C-1FCBECDC44FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD80E512-2D78-4375-8DBB-D12E5F0AF484", "versionEndExcluding": "1.74", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*", "matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCD74F63-7BA1-498F-977F-FCA90B5968AA", "versionEndExcluding": "1.74", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*", "matchCriteriaId": "1067FDEA-33BC-4AA9-AC5B-099BA757065B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAA8F733-513D-458A-A1ED-849A3DE8F5FD", "versionEndExcluding": "1.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "19D112F4-50CB-4EFE-B0EA-43A732A22283", "versionEndExcluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*", "matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E", "versionEndExcluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CB6318A-9AEF-4C9D-9678-05208026AC8A", "versionEndExcluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*", "matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2", "versionEndExcluding": "6.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*", "matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C093ECB-B977-4346-9E0E-DC30DD762055", "versionEndExcluding": "6.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "887976CC-8244-4D86-9941-BA82BC1AB6C2", "versionEndExcluding": "2.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnor200h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "916E21A9-E841-496D-84DB-A6427A300FD2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnor200h:-:*:*:*:*:*:*:*", "matchCriteriaId": "61020CA2-94D2-461F-B103-5A4985AE438E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests."}, {"lang": "es", "value": "Una CWE-306: Se presenta una vulnerabilidad de Falta Autenticaci\u00f3n para la Funci\u00f3n Cr\u00edtica en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y Modicon Premium y M\u00f3dulos de Comunicaci\u00f3n asociados (consulte la notificaci\u00f3n de seguridad para las versiones afectadas), que podr\u00eda causar una ejecuci\u00f3n de comandos no autenticados en el controlador cuando se env\u00edan peticiones HTTP especiales"}], "id": "CVE-2020-7540", "lastModified": "2024-04-10T12:28:45.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-11T01:15:12.377", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "cybersecurity@se.com", "type": "Primary"}]}

{}