Sign-up

ID

VAR-201304-0399


CVE

CVE-2013-2761


TITLE

Schneider Electric M340 BMXNOE01xx/BMXP3420xx PLC Module Denial of Service Vulnerability

Trust: 1.4

sources: IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02812 // CNNVD: CNNVD-201304-034

DESCRIPTION

The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZilla FTP client. The SESU tool used by several of these products is used to update software on Windows PC systems. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Schneider Electric Ethernetmokuai has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions, such as changing passwords, in the context of the target user. The following versions are affected by this vulnerability: Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100. Schneider Electric Ethernet Modules are prone to a denial-of-service vulnerability. A remote attacker can exploit this issue to crash the module, resulting in denial-of-service conditions. The following modules are vulnerable: Ethernet Module M340 BMXNOE01xx Ethernet Module M340 BMXP3420xx. Schneider Electric software on customer PCs uses the SESU service as a communication mechanism to the Schneider Electric central update server, which can be used to receive software updates on a regular basis. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Schneider Electric Ethernet Modules Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA52189 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52189 RELEASE DATE: 2013-02-14 DISCUSS ADVISORY: http://secunia.com/advisories/52189/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52189/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52189 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Schneider Electric Ethernet Modules, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the modules allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change credentials when a logged-in administrator visits a specially crafted web page. Quantum: 140NOE77111 140NOE77101 140NWM10000 M340: BMXNOC0401 BMXNOE0100x BMXNOE011xx Premium: TSXETY4103 TSXETY5103 TSXWMY100 SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: The vendor credits Arthur Gervais. ORIGINAL ADVISORY: SEVD-2013-023-01: http://download.schneider-electric.com/files?L=en&p=&p_docId=&p_docId=&p_Reference=SEVD%202013-023-01&p_EnDocType=Technical%20paper&p_File_Id=36555639&p_File_Name=SEVD-2013-023-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.51

sources: NVD: CVE-2013-2761 // JVNDB: JVNDB-2013-002148 // CNVD: CNVD-2013-02812 // CNVD: CNVD-2013-01138 // BID: 58950 // IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d // IVD: 8d5791de-1f35-11e6-abef-000c29c66e3d // VULHUB: VHN-62763 // PACKETSTORM: 120311

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.6

sources: IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d // IVD: 8d5791de-1f35-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02812 // CNVD: CNVD-2013-01138

AFFECTED PRODUCTS

vendor:schneider electricmodel:modicon m340scope:eqversion:bmxnoe01xx

Trust: 1.6

vendor:schneider electricmodel:modicon m340scope:eqversion:bmxp3420xx

Trust: 1.6

vendor:schneider electricmodel:modicon m340 pacscope:eqversion:bmxnoe01xx

Trust: 0.8

vendor:schneider electricmodel:modicon m340 pacscope:eqversion:bmxp3420xx

Trust: 0.8

vendor:schneidermodel:electric bmxp3420xx plc modulesscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric m340 bmxnoe01xx modulesscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric m340 series modulesscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric modicon quantum series modulesscope: - version: -

Trust: 0.6

vendor:schneidermodel:electric premium series modulesscope: - version: -

Trust: 0.6

vendor:modicon m340model:bmxnoe01xxscope: - version: -

Trust: 0.2

vendor:modicon m340model:bmxp3420xxscope: - version: -

Trust: 0.2

vendor:schneidermodel:electric m340 series modules nullscope:eqversion:*

Trust: 0.2

vendor:schneidermodel:electric modicon quantum series modules nullscope:eqversion:*

Trust: 0.2

vendor:schneidermodel:electric premium series modules nullscope:eqversion:*

Trust: 0.2

sources: IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d // IVD: 8d5791de-1f35-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02812 // CNVD: CNVD-2013-01138 // JVNDB: JVNDB-2013-002148 // CNNVD: CNNVD-201304-034 // NVD: CVE-2013-2761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2761
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-2761
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-02812
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201304-034
value: MEDIUM

Trust: 0.6

IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 8d5791de-1f35-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-62763
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-2761
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02812
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 8d5791de-1f35-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

VULHUB: VHN-62763
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d // IVD: 8d5791de-1f35-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02812 // VULHUB: VHN-62763 // JVNDB: JVNDB-2013-002148 // CNNVD: CNNVD-201304-034 // NVD: CVE-2013-2761

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-62763 // JVNDB: JVNDB-2013-002148 // NVD: CVE-2013-2761

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-034

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201304-034

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002148

PATCH
title:SEVD 2013-023-01url:http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/
Trust: 0.8
title:Important Security Notification – M340, Quantum. and Premium Ethernet communication modulesurl:http://download.schneider-electric.com/files?p_File_Id=36555639&p_File_Name=SEVD-2013-023-01.pdf
Trust: 0.8
title:サポートurl:http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page
Trust: 0.8
title:トップページurl:http://www.schneider-electric.com/site/home/index.cfm/jp/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002148

EXTERNAL IDS
db:NVDid:CVE-2013-2761
Trust: 3.6
db:SCHNEIDERid:SEVD-2013-023-01
Trust: 1.8
db:CNNVDid:CNNVD-201304-034
Trust: 0.9
db:CNVDid:CNVD-2013-02812
Trust: 0.8
db:CNVDid:CNVD-2013-01138
Trust: 0.8
db:SECUNIAid:52189
Trust: 0.8
db:JVNDBid:JVNDB-2013-002148
Trust: 0.8
db:ICS CERTid:ICSA-13-077-01A
Trust: 0.6
db:BIDid:58950
Trust: 0.4
db:IVDid:03DE9D4A-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:8D5791DE-1F35-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-62763
Trust: 0.1
db:PACKETSTORMid:120311
Trust: 0.1
sources:
            
            
            IVD: 03de9d4a-2353-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: 8d5791de-1f35-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-02812 // 
            
            
            
            CNVD: CNVD-2013-01138 // 
            
            
            
            VULHUB: VHN-62763 // 
            
            
            
            BID: 58950 // 
            
            
            
            JVNDB: JVNDB-2013-002148 // 
            
            
            
            PACKETSTORM: 120311 // 
            
            
            
            CNNVD: CNNVD-201304-034 // 
            
            
            
            NVD: CVE-2013-2761

REFERENCES
url:http://www.schneider-electric.com/download/ww/en/details/35081317-vulnerability-disclosure-for-quantum-premium-and-m340/
Trust: 1.7
url:http://www.schneider-electric.com/download/ww/en/file/36555639-sevd-2013-023-01.pdf/?filename=sevd-2013-023-01.pdf&reference=sevd-2013-023-01&doctype=technical-paper
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2761
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2761
Trust: 0.8
url:http://secunia.com/advisories/52189/
Trust: 0.7
url:http://ics-cert.us-cert.gov/pdf/icsa-13-077-01a.pdf
Trust: 0.6
url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true
Trust: 0.3
url:http://www.schneider-electric.com/download/ww/en/file/36555639-sevd-2013-023-01.pdf/?filename=sevd-2013-023-01.pdf&reference=sevd-2013-023-01&doctype=technical-paper
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=52189
Trust: 0.1
url:http://download.schneider-electric.com/files?l=en&p=&p_docid=&p_docid=&p_reference=sevd%202013-023-01&p_endoctype=technical%20paper&p_file_id=36555639&p_file_name=sevd-2013-023-01.pdf
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/52189/#comments
Trust: 0.1
url:http://secunia.com/blog/325/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-02812 // 
            
            
            
            CNVD: CNVD-2013-01138 // 
            
            
            
            VULHUB: VHN-62763 // 
            
            
            
            BID: 58950 // 
            
            
            
            JVNDB: JVNDB-2013-002148 // 
            
            
            
            PACKETSTORM: 120311 // 
            
            
            
            CNNVD: CNNVD-201304-034 // 
            
            
            
            NVD: CVE-2013-2761

CREDITS
Arthur Gervais
Trust: 0.3
sources:
            
            
            BID: 58950

SOURCES
db:IVDid:03de9d4a-2353-11e6-abef-000c29c66e3d
db:IVDid:8d5791de-1f35-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-02812
db:CNVDid:CNVD-2013-01138
db:VULHUBid:VHN-62763
db:BIDid:58950
db:JVNDBid:JVNDB-2013-002148
db:PACKETSTORMid:120311
db:CNNVDid:CNNVD-201304-034
db:NVDid:CVE-2013-2761

LAST UPDATE DATE
2024-11-23T21:51:40.436000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-02812date:2013-04-09T00:00:00
db:CNVDid:CNVD-2013-01138date:2013-05-28T00:00:00
db:VULHUBid:VHN-62763date:2013-04-04T00:00:00
db:BIDid:58950date:2015-03-19T09:17:00
db:JVNDBid:JVNDB-2013-002148date:2013-04-05T00:00:00
db:CNNVDid:CNNVD-201304-034date:2013-04-07T00:00:00
db:NVDid:CVE-2013-2761date:2024-11-21T01:52:19.180

SOURCES RELEASE DATE
db:IVDid:03de9d4a-2353-11e6-abef-000c29c66e3ddate:2013-04-09T00:00:00
db:IVDid:8d5791de-1f35-11e6-abef-000c29c66e3ddate:2013-02-21T00:00:00
db:CNVDid:CNVD-2013-02812date:2013-04-09T00:00:00
db:CNVDid:CNVD-2013-01138date:2013-02-21T00:00:00
db:VULHUBid:VHN-62763date:2013-04-04T00:00:00
db:BIDid:58950date:2013-01-23T00:00:00
db:JVNDBid:JVNDB-2013-002148date:2013-04-05T00:00:00
db:PACKETSTORMid:120311date:2013-02-14T01:37:18
db:CNNVDid:CNNVD-201304-034date:2013-04-07T00:00:00
db:NVDid:CVE-2013-2761date:2013-04-04T11:58:49.837