Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-0664

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.

Published

2013-04-04T11:58:49.823

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 8.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.8

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	schneider-electric	modicon_quantum_plc	140noe77111	Yes
Hardware	schneider-electric	modicon_quantum_plc	140nwm10000	Yes
Hardware	schneider-electric	modicon_m340	bmxnoe0110x	Yes
Hardware	schneider-electric	modicon_premium	tsxety5103	Yes

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf US Government Resource ([email protected])
http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/ Vendor Advisory ([email protected])
http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper Vendor Advisory ([email protected])
http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)