// For flags

CVE-2020-7535

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.

Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido (Tipo de Vulnerabilidad "Path Traversal") en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y Módulos de Comunicación asociados (consulte la notificación de seguridad para las versiones afectadas ), que podría causar la divulgación de información cuando se envía una petición especialmente diseñada hacia el controlador a través de HTTP

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-21 CVE Reserved
  • 2020-12-11 CVE Published
  • 2023-08-26 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp341000 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware"
< 3.30
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware" and version " < 3.30"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp341000
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp342000 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000 Firmware"
< 3.30
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000 Firmware" and version " < 3.30"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp342000
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp3420102 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102 Firmware"
< 3.30
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102 Firmware" and version " < 3.30"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp3420102
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp3420102cl Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl Firmware"
< 3.30
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl Firmware" and version " < 3.30"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp3420102cl
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp342020 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware"
< 3.30
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" and version " < 3.30"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp342020
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp3420302 Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302 Firmware"
< 3.30
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302 Firmware" and version " < 3.30"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp3420302
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp3420302cl Firmware
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl Firmware"
< 3.30
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl Firmware" and version " < 3.30"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Modicon M340 Bmxp3420302cl
Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Bmxnoe0100 Firmware
Search vendor "Schneider-electric" for product "Bmxnoe0100 Firmware"
< 3.4
Search vendor "Schneider-electric" for product "Bmxnoe0100 Firmware" and version " < 3.4"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Bmxnoe0100
Search vendor "Schneider-electric" for product "Bmxnoe0100"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Bmxnoe0110 Firmware
Search vendor "Schneider-electric" for product "Bmxnoe0110 Firmware"
< 6.6
Search vendor "Schneider-electric" for product "Bmxnoe0110 Firmware" and version " < 6.6"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Bmxnoe0110
Search vendor "Schneider-electric" for product "Bmxnoe0110"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140noe77101 Firmware
Search vendor "Schneider-electric" for product "140noe77101 Firmware"
< 7.3
Search vendor "Schneider-electric" for product "140noe77101 Firmware" and version " < 7.3"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140noe77101
Search vendor "Schneider-electric" for product "140noe77101"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140noe77111 Firmware
Search vendor "Schneider-electric" for product "140noe77111 Firmware"
< 7.3
Search vendor "Schneider-electric" for product "140noe77111 Firmware" and version " < 7.3"
-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140noe77111
Search vendor "Schneider-electric" for product "140noe77111"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140cpu65150 Firmware
Search vendor "Schneider-electric" for product "140cpu65150 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140cpu65150
Search vendor "Schneider-electric" for product "140cpu65150"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140cpu65160 Firmware
Search vendor "Schneider-electric" for product "140cpu65160 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140cpu65160
Search vendor "Schneider-electric" for product "140cpu65160"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140noc78000 Firmware
Search vendor "Schneider-electric" for product "140noc78000 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140noc78000
Search vendor "Schneider-electric" for product "140noc78000"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140noc78100 Firmware
Search vendor "Schneider-electric" for product "140noc78100 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140noc78100
Search vendor "Schneider-electric" for product "140noc78100"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
140noc77101 Firmware
Search vendor "Schneider-electric" for product "140noc77101 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
140noc77101
Search vendor "Schneider-electric" for product "140noc77101"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxp574634 Firmware
Search vendor "Schneider-electric" for product "Tsxp574634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxp574634
Search vendor "Schneider-electric" for product "Tsxp574634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxp575634 Firmware
Search vendor "Schneider-electric" for product "Tsxp575634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxp575634
Search vendor "Schneider-electric" for product "Tsxp575634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxp576634 Firmware
Search vendor "Schneider-electric" for product "Tsxp576634 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxp576634
Search vendor "Schneider-electric" for product "Tsxp576634"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxety4103 Firmware
Search vendor "Schneider-electric" for product "Tsxety4103 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxety4103
Search vendor "Schneider-electric" for product "Tsxety4103"
--
Safe
Schneider-electric
Search vendor "Schneider-electric"
Tsxety5103 Firmware
Search vendor "Schneider-electric" for product "Tsxety5103 Firmware"
*-
Affected
in Schneider-electric
Search vendor "Schneider-electric"
Tsxety5103
Search vendor "Schneider-electric" for product "Tsxety5103"
--
Safe