Vulnerability Details CVE-2014-0754
Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.6%
CVSS Severity
CVSS v2 Score 10.0
References
- http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf
- http://www.securityfocus.com/bid/70193
- https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01
- http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf
- http://www.securityfocus.com/bid/70193
- https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01
Products affected by CVE-2014-0754
-
cpe:2.3:h:schneider-electric:171ccc96020:-
-
cpe:2.3:h:schneider-electric:171ccc96020c:-
-
cpe:2.3:h:schneider-electric:171ccc96030:-
-
cpe:2.3:h:schneider-electric:171ccc96030c:-
-
cpe:2.3:h:schneider-electric:171ccc98020:-
-
cpe:2.3:h:schneider-electric:171ccc98030:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxnoc0401:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0100:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0110:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxnoe0110h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxnor0200h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-
-
cpe:2.3:h:schneider-electric:modicon_m580_bmxnoc0402:-
-
cpe:2.3:h:schneider-electric:stbnic2212:-
-
cpe:2.3:h:schneider-electric:stbnip2212:-
-
cpe:2.3:h:schneider-electric:tsxetc0101:-
-
cpe:2.3:h:schneider-electric:tsxetc100:-
-
cpe:2.3:h:schneider-electric:tsxety110ws:-
-
cpe:2.3:h:schneider-electric:tsxety110wsc:-
-
cpe:2.3:h:schneider-electric:tsxety4103:-
-
cpe:2.3:h:schneider-electric:tsxety4103c:-
-
cpe:2.3:h:schneider-electric:tsxety5103:-
-
cpe:2.3:h:schneider-electric:tsxety5103c:-
-
cpe:2.3:h:schneider-electric:tsxetz410:-
-
cpe:2.3:h:schneider-electric:tsxetz510:-
-
cpe:2.3:h:schneider-electric:tsxntp100:-
-
cpe:2.3:h:schneider-electric:tsxp571634m:-
-
cpe:2.3:h:schneider-electric:tsxp572634m:-
-
cpe:2.3:h:schneider-electric:tsxp573623mc:-
-
cpe:2.3:h:schneider-electric:tsxp573634m:-
-
cpe:2.3:h:schneider-electric:tsxp574634m:-
-
cpe:2.3:h:schneider-electric:tsxp574823am:-
-
cpe:2.3:h:schneider-electric:tsxp574823m:-
-
cpe:2.3:h:schneider-electric:tsxp574823mc:-
-
cpe:2.3:h:schneider-electric:tsxp575634m:-
-
cpe:2.3:h:schneider-electric:tsxp576634m:-
-
cpe:2.3:h:schneider-electric:tsxwmy100:-
-
cpe:2.3:h:schneider-electric:tsxwmy100c:-
-
cpe:2.3:o:schneider-electric:171ccc96020_firmware:-
-
cpe:2.3:o:schneider-electric:171ccc96020c_firmware:-
-
cpe:2.3:o:schneider-electric:171ccc96030_firmware:-
-
cpe:2.3:o:schneider-electric:171ccc96030c_firmware:-
-
cpe:2.3:o:schneider-electric:171ccc98020_firmware:-
-
cpe:2.3:o:schneider-electric:171ccc98030_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxnoc0401_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0100_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0110_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxnoe0110h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxnor0200h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m580_bmxnoc0402_firmware:-
-
cpe:2.3:o:schneider-electric:stbnic2212_firmware:-
-
cpe:2.3:o:schneider-electric:stbnip2212_firmware:-
-
cpe:2.3:o:schneider-electric:tsxetc0101_firmware:-
-
cpe:2.3:o:schneider-electric:tsxetc100_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety110ws_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety110wsc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety4103_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety4103c_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety5103_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety5103c_firmware:-
-
cpe:2.3:o:schneider-electric:tsxetz410_firmware:-
-
cpe:2.3:o:schneider-electric:tsxetz510_firmware:-
-
cpe:2.3:o:schneider-electric:tsxntp100_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp571634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp572634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp573623mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp573634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp574634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp574823am_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp574823m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp574823mc_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp575634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp576634m_firmware:-
-
cpe:2.3:o:schneider-electric:tsxwmy100_firmware:-
-
cpe:2.3:o:schneider-electric:tsxwmy100c_firmware:-