Vulnerability Details CVE-2020-7535
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-7535
-
cpe:2.3:h:schneider-electric:140cpu65150:-
-
cpe:2.3:h:schneider-electric:140cpu65160:-
-
cpe:2.3:h:schneider-electric:140noc77101:-
-
cpe:2.3:h:schneider-electric:140noc78000:-
-
cpe:2.3:h:schneider-electric:140noc78100:-
-
cpe:2.3:h:schneider-electric:140noe77101:-
-
cpe:2.3:h:schneider-electric:140noe77111:-
-
cpe:2.3:h:schneider-electric:bmxnoe0100:-
-
cpe:2.3:h:schneider-electric:bmxnoe0110:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-
-
cpe:2.3:h:schneider-electric:tsxety4103:-
-
cpe:2.3:h:schneider-electric:tsxety5103:-
-
cpe:2.3:h:schneider-electric:tsxp574634:-
-
cpe:2.3:h:schneider-electric:tsxp575634:-
-
cpe:2.3:h:schneider-electric:tsxp576634:-
-
cpe:2.3:o:schneider-electric:140cpu65150_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65150_firmware:3.52
-
cpe:2.3:o:schneider-electric:140cpu65150_firmware:3.60
-
cpe:2.3:o:schneider-electric:140cpu65150_firmware:6.1
-
cpe:2.3:o:schneider-electric:140cpu65160_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65160_firmware:3.52
-
cpe:2.3:o:schneider-electric:140cpu65160_firmware:3.60
-
cpe:2.3:o:schneider-electric:140cpu65160_firmware:6.1
-
cpe:2.3:o:schneider-electric:140noc77101_firmware:-
-
cpe:2.3:o:schneider-electric:140noc77101_firmware:1.08
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:-
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.6
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.61
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.62
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.63
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.65
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.67
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.68
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.69
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.70
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.71
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.72
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.73
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.74
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:-
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.6
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.61
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.62
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.63
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.65
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.67
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.68
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.69
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.70
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.71
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.72
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.73
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.74
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:4.7
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:4.8
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:4.9
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:5.0
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:5.01
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:5.1
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:5.2
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:5.3
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:5.32
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:5.4
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.0
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.1
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.2
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.3
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.4
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.5
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.6
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.7
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.8
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:6.9
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:7.0
-
cpe:2.3:o:schneider-electric:140noe77101_firmware:7.1
-
cpe:2.3:o:schneider-electric:140noe77111_firmware:-
-
cpe:2.3:o:schneider-electric:140noe77111_firmware:7.0
-
cpe:2.3:o:schneider-electric:140noe77111_firmware:7.1
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.2
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.3
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.5
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.6
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.7
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.8
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.9
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:3.00
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:3.1
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:3.2
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:3.3
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:2.8
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.3
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.5
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.6
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.7
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.9
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.0
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.1
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.2
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.3
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.4
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.5
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety4103_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety4103_firmware:6.2
-
cpe:2.3:o:schneider-electric:tsxety5103_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety5103_firmware:6.4
-
cpe:2.3:o:schneider-electric:tsxp574634_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp574634_firmware:6.1
-
cpe:2.3:o:schneider-electric:tsxp575634_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp575634_firmware:6.1
-
cpe:2.3:o:schneider-electric:tsxp576634_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp576634_firmware:6.1