CVE-2020-7535

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2020-343-05/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:schneider-electric:140noe77101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noe77101:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:schneider-electric:140cpu65160_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65160:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:schneider-electric:140noc78100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78100:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*

History

10 Apr 2024, 12:28

Type	Values Removed	Values Added
CPE	cpe:2.3:o:schneider-electric:bmxp342020_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp342000_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp342020:-:::::::* cpe:2.3:h:schneider-electric:bmxp342000:-:::::::* cpe:2.3:h:schneider-electric:bmxp3420302cl:-:::::::* cpe:2.3:h:schneider-electric:bmxp341000:-:::::::* cpe:2.3:o:schneider-electric:bmxp3420302cl_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp3420102cl:-:::::::* cpe:2.3:o:schneider-electric:bmxp3420302_firmware:::::::: cpe:2.3:o:schneider-electric:bmxp341000_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp3420102:-:::::::* cpe:2.3:o:schneider-electric:bmxp3420102_firmware:::::::: cpe:2.3:h:schneider-electric:bmxp3420302:-:::::::* cpe:2.3:o:schneider-electric:bmxp3420102cl_firmware::::::::	cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102cl_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302cl_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302cl:-:::::::* cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:::::::* cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:::::::: cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:::::::: cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102cl:-:::::::*
First Time		Schneider-electric modicon M340 Bmxp341000 Schneider-electric modicon M340 Bmxp3420302cl Firmware Schneider-electric modicon M340 Bmxp3420102cl Schneider-electric modicon M340 Bmxp342020 Firmware Schneider-electric modicon M340 Bmxp3420102cl Firmware Schneider-electric modicon M340 Bmxp342020 Schneider-electric modicon M340 Bmxp3420102 Firmware Schneider-electric modicon M340 Bmxp3420302 Schneider-electric modicon M340 Bmxp3420102 Schneider-electric modicon M340 Bmxp3420302cl Schneider-electric modicon M340 Bmxp3420302 Firmware Schneider-electric modicon M340 Bmxp341000 Firmware Schneider-electric modicon M340 Bmxp342000 Schneider-electric modicon M340 Bmxp342000 Firmware

Information

Published : 2020-12-11 01:15

Updated : 2024-04-10 12:28

NVD link : CVE-2020-7535

Mitre link : CVE-2020-7535

CVE.ORG link : CVE-2020-7535

JSON object : View

Products Affected

schneider-electric

modicon_m340_bmxp3420302cl
tsxety4103
tsxety5103_firmware
bmxnoe0110
modicon_m340_bmxp3420302
140noe77101_firmware
modicon_m340_bmxp341000
140cpu65160
bmxnoe0110_firmware
140noc78000_firmware
140noc77101_firmware
modicon_m340_bmxp342020_firmware
modicon_m340_bmxp3420302_firmware
140noe77111_firmware
tsxp576634
140cpu65150
140noe77101
modicon_m340_bmxp342000
bmxnoe0100
tsxp574634_firmware
tsxp576634_firmware
140noc77101
modicon_m340_bmxp3420102cl_firmware
tsxety4103_firmware
140cpu65150_firmware
140cpu65160_firmware
tsxety5103
140noc78100_firmware
bmxnoe0100_firmware
tsxp574634
140noc78000
140noe77111
modicon_m340_bmxp3420302cl_firmware
modicon_m340_bmxp3420102
tsxp575634
modicon_m340_bmxp3420102cl
modicon_m340_bmxp342020
modicon_m340_bmxp342000_firmware
140noc78100
tsxp575634_firmware
modicon_m340_bmxp3420102_firmware
modicon_m340_bmxp341000_firmware

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2020-7535

7.5^/10

5.0^/10

Attach tags to `CVE-2020-7535`