Vulnerability Details CVE-2020-7541
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2020-7541
-
cpe:2.3:h:schneider-electric:140cpu65150:-
-
cpe:2.3:h:schneider-electric:140noc77101:-
-
cpe:2.3:h:schneider-electric:140noc78000:-
-
cpe:2.3:h:schneider-electric:140noc78100:-
-
cpe:2.3:h:schneider-electric:140noe77111:-
-
cpe:2.3:h:schneider-electric:bmxnoc0401:-
-
cpe:2.3:h:schneider-electric:bmxnoe0100:-
-
cpe:2.3:h:schneider-electric:bmxnoe0110:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-
-
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-
-
cpe:2.3:h:schneider-electric:tsxety4103:-
-
cpe:2.3:h:schneider-electric:tsxety5103:-
-
cpe:2.3:h:schneider-electric:tsxp574634:-
-
cpe:2.3:h:schneider-electric:tsxp575634:-
-
cpe:2.3:h:schneider-electric:tsxp576634:-
-
cpe:2.3:o:schneider-electric:140cpu65150_firmware:-
-
cpe:2.3:o:schneider-electric:140cpu65150_firmware:3.52
-
cpe:2.3:o:schneider-electric:140cpu65150_firmware:3.60
-
cpe:2.3:o:schneider-electric:140noc77101_firmware:-
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:-
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.6
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.61
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.62
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.63
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.65
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.67
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.68
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.69
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.70
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.71
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.72
-
cpe:2.3:o:schneider-electric:140noc78000_firmware:1.73
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:-
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.6
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.61
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.62
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.63
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.65
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.67
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.68
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.69
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.70
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.71
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.72
-
cpe:2.3:o:schneider-electric:140noc78100_firmware:1.73
-
cpe:2.3:o:schneider-electric:140noe77111_firmware:-
-
cpe:2.3:o:schneider-electric:140noe77111_firmware:7.0
-
cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:2.8
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.2
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.3
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.5
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.6
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.7
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.8
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:2.9
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:3.00
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:3.1
-
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:3.2
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:2.8
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.3
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.5
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.6
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.7
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:5.9
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.0
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.1
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.2
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.3
-
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:6.4
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:2.8
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:3.20
-
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety4103_firmware:-
-
cpe:2.3:o:schneider-electric:tsxety5103_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp574634_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp575634_firmware:-
-
cpe:2.3:o:schneider-electric:tsxp576634_firmware:-