CVE-2020-7534

 

Severity Score: 8.8 (CVSS v3.1)

Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)

*Credits: N/A

CVSS Scores

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial

* Common Vulnerability Scoring System

SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario

Timeline
  • 2020-01-21 CVE Reserved
  • 2022-02-04 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-10-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Schneider-electric | Modicon M340 Bmxp342020 Firmware | * | - | Affected
in Schneider-electric | Modicon M340 Bmxp342020 | - | - | Safe
Schneider-electric | 140cpu65 Firmware | * | - | Affected
in Schneider-electric | 140cpu65 | - | - | Safe
Schneider-electric | Tsxp57 Firmware | * | - | Affected
in Schneider-electric | Tsxp57 | - | - | Safe
Schneider-electric | Bmxnoc0401 Firmware | * | - | Affected
in Schneider-electric | Bmxnoc0401 | - | - | Safe
Schneider-electric | Bmxnoe01 Firmware | * | - | Affected
in Schneider-electric | Bmxnoe01 | - | - | Safe
Schneider-electric | Bmxnor0200h Firmware | * | - | Affected
in Schneider-electric | Bmxnor0200h | - | - | Safe
Schneider-electric | 140noe77111 Firmware | * | - | Affected
in Schneider-electric | 140noe77111 | - | - | Safe
Schneider-electric | 140noc78000 Firmware | * | - | Affected
in Schneider-electric | 140noc78000 | - | - | Safe
Schneider-electric | Tsxety5103 Firmware | * | - | Affected
in Schneider-electric | Tsxety5103 | - | - | Safe
Schneider-electric | Tsxety4103 Firmware | * | - | Affected
in Schneider-electric | Tsxety4103 | - | - | Safe