Schneider-Electric: >> Tsxp57 Firmware Security Vulnerabilities
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that
could cause denial of service of the controller when a malicious project file is loaded onto the
controller by an authenticated user.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-19
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that
could cause denial of service of the controller when communicating over the Modbus TCP
protocol.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-19
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)
CVSS Score
8.8
EPSS Score
0.002
Published
2022-02-04