Vulnerability Details CVE-2015-6462
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2015-6462
-
cpe:2.3:h:schneider-electric:bmxnoc0401:-
-
cpe:2.3:h:schneider-electric:bmxnoe0100:-
-
cpe:2.3:h:schneider-electric:bmxnoe0110:-
-
cpe:2.3:h:schneider-electric:bmxnoe0110h:-
-
cpe:2.3:h:schneider-electric:bmxnor0200h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-
-
cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0110h_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-