CVE-2020-7540
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause unauthenticated command execution in the controller when sending special HTTP requests.
Una CWE-306: Se presenta una vulnerabilidad de Falta Autenticación para la Función Crítica en el Servidor Web en Modicon M340, Legacy Offers Modicon Quantum y Modicon Premium y Modicon Premium y Módulos de Comunicación asociados (consulte la notificación de seguridad para las versiones afectadas), que podría causar una ejecución de comandos no autenticados en el controlador cuando se envían peticiones HTTP especiales
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-21 CVE Reserved
- 2020-12-11 CVE Published
- 2024-04-15 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2020-343-04 | 2024-04-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp341000 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp341000 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp341000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342000 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342000 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102cl Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420102cl Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420102cl" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp342020 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp342020" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302 Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302 Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302 Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302cl Firmware Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl Firmware" | < 3.30 Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl Firmware" and version " < 3.30" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Modicon M340 Bmxp3420302cl Search vendor "Schneider-electric" for product "Modicon M340 Bmxp3420302cl" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0100 Firmware Search vendor "Schneider-electric" for product "Bmxnoe0100 Firmware" | < 3.3 Search vendor "Schneider-electric" for product "Bmxnoe0100 Firmware" and version " < 3.3" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0100 Search vendor "Schneider-electric" for product "Bmxnoe0100" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0110 Firmware Search vendor "Schneider-electric" for product "Bmxnoe0110 Firmware" | < 6.5 Search vendor "Schneider-electric" for product "Bmxnoe0110 Firmware" and version " < 6.5" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnoe0110 Search vendor "Schneider-electric" for product "Bmxnoe0110" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noe77101 Firmware Search vendor "Schneider-electric" for product "140noe77101 Firmware" | < 7.1 Search vendor "Schneider-electric" for product "140noe77101 Firmware" and version " < 7.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noe77101 Search vendor "Schneider-electric" for product "140noe77101" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noe77111 Firmware Search vendor "Schneider-electric" for product "140noe77111 Firmware" | < 7.1 Search vendor "Schneider-electric" for product "140noe77111 Firmware" and version " < 7.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noe77111 Search vendor "Schneider-electric" for product "140noe77111" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65150 Firmware Search vendor "Schneider-electric" for product "140cpu65150 Firmware" | < 6.1 Search vendor "Schneider-electric" for product "140cpu65150 Firmware" and version " < 6.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65150 Search vendor "Schneider-electric" for product "140cpu65150" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140cpu65160 Firmware Search vendor "Schneider-electric" for product "140cpu65160 Firmware" | < 6.1 Search vendor "Schneider-electric" for product "140cpu65160 Firmware" and version " < 6.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140cpu65160 Search vendor "Schneider-electric" for product "140cpu65160" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noc78000 Firmware Search vendor "Schneider-electric" for product "140noc78000 Firmware" | < 1.74 Search vendor "Schneider-electric" for product "140noc78000 Firmware" and version " < 1.74" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noc78000 Search vendor "Schneider-electric" for product "140noc78000" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noc78100 Firmware Search vendor "Schneider-electric" for product "140noc78100 Firmware" | < 1.74 Search vendor "Schneider-electric" for product "140noc78100 Firmware" and version " < 1.74" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noc78100 Search vendor "Schneider-electric" for product "140noc78100" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | 140noc77101 Firmware Search vendor "Schneider-electric" for product "140noc77101 Firmware" | < 1.08 Search vendor "Schneider-electric" for product "140noc77101 Firmware" and version " < 1.08" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | 140noc77101 Search vendor "Schneider-electric" for product "140noc77101" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp574634 Firmware Search vendor "Schneider-electric" for product "Tsxp574634 Firmware" | < 6.1 Search vendor "Schneider-electric" for product "Tsxp574634 Firmware" and version " < 6.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp574634 Search vendor "Schneider-electric" for product "Tsxp574634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp575634 Firmware Search vendor "Schneider-electric" for product "Tsxp575634 Firmware" | < 6.1 Search vendor "Schneider-electric" for product "Tsxp575634 Firmware" and version " < 6.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp575634 Search vendor "Schneider-electric" for product "Tsxp575634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxp576634 Firmware Search vendor "Schneider-electric" for product "Tsxp576634 Firmware" | < 6.1 Search vendor "Schneider-electric" for product "Tsxp576634 Firmware" and version " < 6.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxp576634 Search vendor "Schneider-electric" for product "Tsxp576634" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxety4103 Firmware Search vendor "Schneider-electric" for product "Tsxety4103 Firmware" | < 6.2 Search vendor "Schneider-electric" for product "Tsxety4103 Firmware" and version " < 6.2" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxety4103 Search vendor "Schneider-electric" for product "Tsxety4103" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Tsxety5103 Firmware Search vendor "Schneider-electric" for product "Tsxety5103 Firmware" | < 6.4 Search vendor "Schneider-electric" for product "Tsxety5103 Firmware" and version " < 6.4" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Tsxety5103 Search vendor "Schneider-electric" for product "Tsxety5103" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnoc0401 Firmware Search vendor "Schneider-electric" for product "Bmxnoc0401 Firmware" | < 2.10 Search vendor "Schneider-electric" for product "Bmxnoc0401 Firmware" and version " < 2.10" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnoc0401 Search vendor "Schneider-electric" for product "Bmxnoc0401" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Bmxnor200h Firmware Search vendor "Schneider-electric" for product "Bmxnor200h Firmware" | * | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Bmxnor200h Search vendor "Schneider-electric" for product "Bmxnor200h" | - | - |
Safe
|