ID

VAR-202012-1387


CVE

CVE-2020-7535


TITLE

Path traversal vulnerabilities in multiple Schneider Electric products

Trust: 0.8

sources: JVNDB: JVNDB-2020-014327

DESCRIPTION

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. Multiple Schneider Electric products contain a path traversal vulnerability. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2020-7535 // JVNDB: JVNDB-2020-014327

AFFECTED PRODUCTS

vendor: schneider electric, model: 140noc77101, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: bmxnoe0110, scope: lt, version: 6.6

Trust: 1.0

vendor: schneider electric, model: 140cpu65150, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: tsxety4103, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: tsxety5103, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: 140noe77101, scope: lt, version: 7.3

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420102, scope: lt, version: 3.30

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420302, scope: lt, version: 3.30

Trust: 1.0

vendor: schneider electric, model: tsxp575634, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342020, scope: lt, version: 3.30

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp341000, scope: lt, version: 3.30

Trust: 1.0

vendor: schneider electric, model: bmxnoe0100, scope: lt, version: 3.4

Trust: 1.0

vendor: schneider electric, model: tsxp576634, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420102cl, scope: lt, version: 3.30

Trust: 1.0

vendor: schneider electric, model: 140noc78100, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: 140noc78000, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp3420302cl, scope: lt, version: 3.30

Trust: 1.0

vendor: schneider electric, model: 140cpu65160, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: 140noe77111, scope: lt, version: 7.3

Trust: 1.0

vendor: schneider electric, model: tsxp574634, scope: eq, version: *

Trust: 1.0

vendor: schneider electric, model: modicon m340 bmxp342000, scope: lt, version: 3.30

Trust: 1.0

vendor: schneider electric, model: 140noe 77101, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxnoe0110, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxp3420102, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxp3420302cl, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxp3420102cl, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxp342020, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxp342000, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxp341000, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxp3420302, scope: -, version: -

Trust: 0.8

vendor: schneider electric, model: bmxnoe0100, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014327 // NVD: CVE-2020-7535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7535
value: HIGH

Trust: 1.0

NVD: CVE-2020-7535
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202012-934
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-7535
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-7535
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-7535
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-014327 // CNNVD: CNNVD-202012-934 // NVD: CVE-2020-7535

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014327 // NVD: CVE-2020-7535

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-934

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202012-934

PATCH

title: SEVD-2020-343-05, url: https://www.se.com/ww/en/download/document/SEVD-2020-343-05/

Trust: 0.8

title: Schneider Electric Modicon M340 Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136598

Trust: 0.6

sources: JVNDB: JVNDB-2020-014327 // CNNVD: CNNVD-202012-934

EXTERNAL IDS

db: NVD, id: CVE-2020-7535

Trust: 2.4

db: SCHNEIDER, id: SEVD-2020-343-05

Trust: 1.6

db: JVNDB, id: JVNDB-2020-014327

Trust: 0.8

db: CNNVD, id: CNNVD-202012-934

Trust: 0.6

sources: JVNDB: JVNDB-2020-014327 // CNNVD: CNNVD-202012-934 // NVD: CVE-2020-7535

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2020-343-05/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-7535

Trust: 0.8

sources: JVNDB: JVNDB-2020-014327 // CNNVD: CNNVD-202012-934 // NVD: CVE-2020-7535

SOURCES

db: JVNDB, id: JVNDB-2020-014327
db: CNNVD, id: CNNVD-202012-934
db: NVD, id: CVE-2020-7535

LAST UPDATE DATE

2024-11-23T22:58:05.427000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-014327, date: 2021-08-13T08:51:00
db: CNNVD, id: CNNVD-202012-934, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2020-7535, date: 2024-11-21T05:37:19.907

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-014327, date: 2021-08-13T00:00:00
db: CNNVD, id: CNNVD-202012-934, date: 2020-12-11T00:00:00
db: NVD, id: CVE-2020-7535, date: 2020-12-11T01:15:12.127