// For flags

CVE-2013-0663

Schneider Electric PLCs - Cross-Site Request Forgery

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

Vulnerabilidad CSRF en los módulos Schneider Electric Quantum 140NOE77111, 140NOE77101, y 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, y BMXNOE011xx; y Premium TSXETY4103, TSXETY5103, y TSXWMY100 PLC, permite a atacantes remotos secuestrar la autenticación de los usuarios para peticiones que ejecutan comandos, como se ha demostrado mediante la modificación de de peticiones HTTP.

Schneider Electric PLCs suffer from a cross site request forgery vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-12-19 CVE Reserved
  • 2013-04-04 CVE Published
  • 2024-06-28 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
 Modicon Quantum Plc
Search vendor "Schneider-electric" for product "Modicon Quantum Plc"
 140noe77101
Search vendor "Schneider-electric" for product "Modicon Quantum Plc" and version "140noe77101"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modicon Quantum Plc
Search vendor "Schneider-electric" for product "Modicon Quantum Plc"
 140noe77111
Search vendor "Schneider-electric" for product "Modicon Quantum Plc" and version "140noe77111"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modicon Quantum Plc
Search vendor "Schneider-electric" for product "Modicon Quantum Plc"
 140nwm10000
Search vendor "Schneider-electric" for product "Modicon Quantum Plc" and version "140nwm10000"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modicon M340
Search vendor "Schneider-electric" for product "Modicon M340"
 bmxnoc0401
Search vendor "Schneider-electric" for product "Modicon M340" and version "bmxnoc0401"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modicon M340
Search vendor "Schneider-electric" for product "Modicon M340"
 bmxnoe011xx
Search vendor "Schneider-electric" for product "Modicon M340" and version "bmxnoe011xx"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modicon M340
Search vendor "Schneider-electric" for product "Modicon M340"
 bmxnoe0100x
Search vendor "Schneider-electric" for product "Modicon M340" and version "bmxnoe0100x"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modicon Premium
Search vendor "Schneider-electric" for product "Modicon Premium"
 tsxety4103
Search vendor "Schneider-electric" for product "Modicon Premium" and version "tsxety4103"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modicon Premium
Search vendor "Schneider-electric" for product "Modicon Premium"
 tsxety5103
Search vendor "Schneider-electric" for product "Modicon Premium" and version "tsxety5103"
-
Affected
Schneider-electric
Search vendor "Schneider-electric"
 Modicon Premium
Search vendor "Schneider-electric" for product "Modicon Premium"
 tsxwmy100
Search vendor "Schneider-electric" for product "Modicon Premium" and version "tsxwmy100"
-
Affected