Details of VAR-201410-1134

ID

VAR-201410-1134

CVE

CVE-2014-0754

TITLE

Schneider Electric Modicon PLC Ethernet Module SchneiderWEB Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2014-004531

DESCRIPTION

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request. Schneider Electric provides products and services in the areas of energy and infrastructure, industry, data centers and networks, buildings and residential. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Schneider Electric Modicon PLC Ethernet is an Ethernet programmable controller produced by French Schneider Electric (Schneider Electric). The following versions are affected: Schneider Electric Modicon PLC Ethernet modules 140CPU65x Version, 140NOC78x Version, 140NOE77x Version, BMXNOC0401 Version, BMXNOC0402 Version, BMXNOE0100 Version, BMXNOE0110x Version, TSXETC101 Version, TSXETC0101 Version, TSXETY4103x Version, TSXETY5103x Version, TSXP57x Version, TSXP57x Version

Trust: 2.7

sources: NVD: CVE-2014-0754 // JVNDB: JVNDB-2014-004531 // CNVD: CNVD-2014-06695 // BID: 70193 // IVD: cce5fe38-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-68247

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: cce5fe38-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06695

AFFECTED PRODUCTS

vendor:	schneider electric	model:	modicon m340 bmxp342030h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp575634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp574823am	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxnoe0110h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxety4103c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxntp100	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp574823m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxnoe0110	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxnoc0401	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxety5103c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp573634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	171ccc96020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342020h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp571634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	stbnic2212	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp3420302h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	171ccc98020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxwmy100	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxetc0101	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	stbnip2212	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	171ccc96020c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp574634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxetz510	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342030	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp3420302	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxetz410	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxp342020	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxety110wsc	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp573623mc	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxety110ws	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxety4103	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxnoe0100	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	171ccc98030	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxety5103	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxwmy100c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m580 bmxnoc0402	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxetc100	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	171ccc96030c	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp572634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon m340 bmxnor0200h	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp576634m	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	tsxp574823mc	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	171ccc96030	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	140cpu65x exec 5.5	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	140noc78x exec 1.62	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	140noe77x exec 6.2	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	bmxnoc0401 2.05	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	bmxnoe0100 2.9	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	bmxnoe0110x exec 6.0	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	tsxetc101 exec 2.04	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	tsxety4103x exec 5.7	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	tsxety5103x exec 5.9	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	tsxp57x ethernet copro exec 5.5	Trust: 0.8
vendor:	schneider electric	model:	modicon plc ethernet communication module	scope:	lt	version:	tsxp57x etyport exec 5.7	Trust: 0.8
vendor:	schneider	model:	electric modicon plc ethernet module	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	bmxp3420302h	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	bmxp342030h	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	tsxp573634m	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	140cpu65160	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	tsxp572623mc	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	tsxp572623m	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	140cpu65150	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	171ccc96020	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	140cpu65260	Trust: 0.6
vendor:	schneider electric	model:	modicon plc ethernet module	scope:	eq	version:	171ccc96020c	Trust: 0.6
vendor:	schneider electric	model:	tsxwmy100	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxwmy10	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp576634	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp575634	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp574823m	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp574823a	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp574823	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp574634	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp573634	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp573623m	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp573623a	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp573623	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp572823m	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp572823	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp572634	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp572623mc	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp572623m	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxp571634m	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxntp100	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxetz510	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxetz410	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxety5103c	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxety5103	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxety4103c	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxety4103	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxety110wsc	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxety110ws	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxetc100	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	tsxetc0101	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxprmxxxx	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxp342030h	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxp3420302h	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxp342030	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxp342020h	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxp342020	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxnor0200h	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxnoe0110h	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxnoe0110	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxnoe0100	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxnoc0402	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmxnoc0401	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	bmx noe	scope:	eq	version:	01100	Trust: 0.3
vendor:	schneider electric	model:	171ccc98030	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	171ccc98020	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	171ccc96030c	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	171ccc96030	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	171ccc96020c	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	171ccc96020	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	170ent11002	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	170ent11001	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140nwm10000	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noe77111c	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noe77111	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noe77110	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noe77101c	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noe77101	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noe77100	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noc78100	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noc78000	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140noc77100	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140cpu65260	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140cpu65160	scope:	eq	version:	0	Trust: 0.3
vendor:	schneider electric	model:	140cpu65150	scope:	eq	version:	0	Trust: 0.3
vendor:	modicon plc ethernet module	model:	bmxnor0200h	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140cpu65150	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140cpu65160	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140cpu65260	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140noc77100	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140noc78000	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140noe77100	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140noe77101	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140noe77101c	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140noe77110	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140noe77111	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140noe77111c	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	140nwm10000	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	170ent11001	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	170ent11002	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	170ent11002c	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	171ccc96020	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	171ccc96020c	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	171ccc96030	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	171ccc96030c	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	171ccc98020	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	171ccc98030	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxnoc0401	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxnoc0402	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxnoe0100	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxnoe0110	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxnoe0110h	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxp342020	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxp342020h	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxp342030	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxp342030h	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxp3420302	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxp3420302h	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	bmxprmxxxx	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	stbnic2212	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	stbnip2212	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxetc100	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxetc0101	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxety110ws	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxety110wsc	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxety4103	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxety4103c	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxety5103	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxety5103c	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxetz410	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxetz510	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxntp100	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp571634m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp572623m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp572623mc	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp572823m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp572823mc	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp573623am	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp573623m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp573623mc	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp573634m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp574634m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp574823am	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp574823m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp574823mc	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp575634m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxp576634m	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxwmy100	scope:	-	version:	-	Trust: 0.2
vendor:	modicon plc ethernet module	model:	tsxwmy100c	scope:	-	version:	-	Trust: 0.2

sources: IVD: cce5fe38-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06695 // BID: 70193 // JVNDB: JVNDB-2014-004531 // CNNVD: CNNVD-201410-075 // NVD: CVE-2014-0754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0754
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0754
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-06695
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201410-075
value:	CRITICAL
Trust: 0.6
IVD:	cce5fe38-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-68247
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0754
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06695
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	cce5fe38-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68247
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: cce5fe38-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06695 // VULHUB: VHN-68247 // JVNDB: JVNDB-2014-004531 // CNNVD: CNNVD-201410-075 // NVD: CVE-2014-0754

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-68247 // JVNDB: JVNDB-2014-004531 // NVD: CVE-2014-0754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-075

TYPE

Path traversal

Trust: 0.8

sources: IVD: cce5fe38-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201410-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004531

PATCH

title:	Modicon PLC Ethernet Communication Modules	url:	http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf	Trust: 0.8
title:	Patches for multiple Schneider Electric product catalog traversal vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/50841	Trust: 0.6
title:	BMXNOE0100+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54170	Trust: 0.6
title:	BMXNOE0110+Web+and+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54171	Trust: 0.6
title:	140NOE77101+Exec+For+Unity+Users	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54184	Trust: 0.6
title:	140NOE77101+Exec+For+Non+Unity+Users	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54183	Trust: 0.6
title:	140NOE77111+Exec+For+Unity+and+Non+Unity+Users	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54185	Trust: 0.6
title:	140CPU65260+Quantum+Copro+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54180	Trust: 0.6
title:	140CPU65160+Quantum+Copro+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54179	Trust: 0.6
title:	140CPU65150+Quantum+CoPro+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54178	Trust: 0.6
title:	140NOC78000+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54181	Trust: 0.6
title:	TSXP575634M+Premium+Copro+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54176	Trust: 0.6
title:	TSXP574634M+Premium+Copro+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54175	Trust: 0.6
title:	TSXP576634M+Premium+Copro+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54177	Trust: 0.6
title:	TSXETC101+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54172	Trust: 0.6
title:	140NOC78100+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54182	Trust: 0.6
title:	TSXP573634M+ETY+Port+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54188	Trust: 0.6
title:	TSXP572634M+ETY+Port+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54187	Trust: 0.6
title:	TSXETY5103+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54174	Trust: 0.6
title:	TSXP571634M+ETY+Port+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54186	Trust: 0.6
title:	TSXETY4103+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54173	Trust: 0.6
title:	BMXNOC0401+Exec	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54169	Trust: 0.6

sources: CNVD: CNVD-2014-06695 // JVNDB: JVNDB-2014-004531 // CNNVD: CNNVD-201410-075

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0754	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-273-01	Trust: 3.4
db:	BID	id:	70193	Trust: 2.6
db:	SCHNEIDER	id:	SEVD-2014-260-01	Trust: 2.0
db:	CNNVD	id:	CNNVD-201410-075	Trust: 0.9
db:	CNVD	id:	CNVD-2014-06695	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004531	Trust: 0.8
db:	IVD	id:	CCE5FE38-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-68247	Trust: 0.1

sources: IVD: cce5fe38-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06695 // VULHUB: VHN-68247 // BID: 70193 // JVNDB: JVNDB-2014-004531 // CNNVD: CNNVD-201410-075 // NVD: CVE-2014-0754

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-14-273-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/70193	Trust: 1.7
url:	http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01&p_endoctype=software%20-%20updates&p_file_id=608959359&p_file_name=sevd-2014-260-01.pdf	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0754	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0754	Trust: 0.8
url:	http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true	Trust: 0.3
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd-2014-260-01	Trust: 0.3
url:	http://download.schneider-electric.com/files?p_reference=sevd-2014-260-01&p_endoctype=software%20-%20updates&p_file_id=608959359&p_file_name=sevd-2014-260-01.pdf	Trust: 0.1

sources: CNVD: CNVD-2014-06695 // VULHUB: VHN-68247 // BID: 70193 // JVNDB: JVNDB-2014-004531 // CNNVD: CNNVD-201410-075 // NVD: CVE-2014-0754

CREDITS

Billy Rios

Trust: 0.3

sources: BID: 70193

SOURCES

db:	IVD	id:	cce5fe38-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-06695
db:	VULHUB	id:	VHN-68247
db:	BID	id:	70193
db:	JVNDB	id:	JVNDB-2014-004531
db:	CNNVD	id:	CNNVD-201410-075
db:	NVD	id:	CVE-2014-0754

LAST UPDATE DATE

2024-11-23T22:13:39.284000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06695	date:	2014-10-14T00:00:00
db:	VULHUB	id:	VHN-68247	date:	2016-04-04T00:00:00
db:	BID	id:	70193	date:	2014-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-004531	date:	2014-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201410-075	date:	2022-02-11T00:00:00
db:	NVD	id:	CVE-2014-0754	date:	2024-11-21T02:02:44.980

SOURCES RELEASE DATE

db:	IVD	id:	cce5fe38-2351-11e6-abef-000c29c66e3d	date:	2014-10-14T00:00:00
db:	CNVD	id:	CNVD-2014-06695	date:	2014-10-14T00:00:00
db:	VULHUB	id:	VHN-68247	date:	2014-10-03T00:00:00
db:	BID	id:	70193	date:	2014-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2014-004531	date:	2014-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201410-075	date:	2014-10-13T00:00:00
db:	NVD	id:	CVE-2014-0754	date:	2014-10-03T18:55:06.017