CVE-2020-7535
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
Una CWE-22: Se presenta una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido (Tipo de Vulnerabilidad "Path Traversal") en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y Módulos de Comunicación asociados (consulte la notificación de seguridad para las versiones afectadas ), que podría causar la divulgación de información cuando se envía una petición especialmente diseñada hacia el controlador a través de HTTP
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-21 CVE Reserved
- 2020-12-11 CVE Published
- 2023-08-26 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-343-05 | 2024-04-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp341000 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp341000 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342000 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342000 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102cl Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102cl Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302cl Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302cl Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0100 Firmware Search vendor "Schneider-electric" for product "Bmxnoe0100 Firmware" | < 3.4 Search vendor "Schneider-electric" for product "Bmxnoe0100 Firmware" and version " < 3.4" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0100 Search vendor "Schneider-electric" for product "Bmxnoe0100" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0110 Firmware Search vendor "Schneider-electric" for product "Bmxnoe0110 Firmware" | < 6.6 Search vendor "Schneider-electric" for product "Bmxnoe0110 Firmware" and version " < 6.6" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0110 Search vendor "Schneider-electric" for product "Bmxnoe0110" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noe77101 Firmware Search vendor "Schneider-electric" for product "140noe77101 Firmware" | < 7.3 Search vendor "Schneider-electric" for product "140noe77101 Firmware" and version " < 7.3" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noe77101 Search vendor "Schneider-electric" for product "140noe77101" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noe77111 Firmware Search vendor "Schneider-electric" for product "140noe77111 Firmware" | < 7.3 Search vendor "Schneider-electric" for product "140noe77111 Firmware" and version " < 7.3" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noe77111 Search vendor "Schneider-electric" for product "140noe77111" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65150 Firmware Search vendor "Schneider-electric" for product "140cpu65150 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65150 Search vendor "Schneider-electric" for product "140cpu65150" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65160 Firmware Search vendor "Schneider-electric" for product "140cpu65160 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65160 Search vendor "Schneider-electric" for product "140cpu65160" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noc78000 Firmware Search vendor "Schneider-electric" for product "140noc78000 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noc78000 Search vendor "Schneider-electric" for product "140noc78000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noc78100 Firmware Search vendor "Schneider-electric" for product "140noc78100 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noc78100 Search vendor "Schneider-electric" for product "140noc78100" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noc77101 Firmware Search vendor "Schneider-electric" for product "140noc77101 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noc77101 Search vendor "Schneider-electric" for product "140noc77101" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp574634 Firmware Search vendor "Schneider-electric" for product "Tsxp574634 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp574634 Search vendor "Schneider-electric" for product "Tsxp574634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp575634 Firmware Search vendor "Schneider-electric" for product "Tsxp575634 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp575634 Search vendor "Schneider-electric" for product "Tsxp575634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp576634 Firmware Search vendor "Schneider-electric" for product "Tsxp576634 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp576634 Search vendor "Schneider-electric" for product "Tsxp576634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxety4103 Firmware Search vendor "Schneider-electric" for product "Tsxety4103 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxety4103 Search vendor "Schneider-electric" for product "Tsxety4103" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxety5103 Firmware Search vendor "Schneider-electric" for product "Tsxety5103 Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxety5103 Search vendor "Schneider-electric" for product "Tsxety5103" | - | - |
Safe
|