Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-0754

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.

Published

2014-10-03T18:55:06.017

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	schneider-electric	stbnic2212_firmware	-	Yes
Hardware	schneider-electric	stbnic2212	-	No
Operating System	schneider-electric	stbnip2212_firmware	-	Yes
Hardware	schneider-electric	stbnip2212	-	No
Operating System	schneider-electric	tsxetc0101_firmware	-	Yes
Hardware	schneider-electric	tsxetc0101	-	No
Operating System	schneider-electric	tsxetc100_firmware	-	Yes
Hardware	schneider-electric	tsxetc100	-	No
Operating System	schneider-electric	tsxp573623mc_firmware	-	Yes
Hardware	schneider-electric	tsxp573623mc	-	No
Operating System	schneider-electric	tsxety110ws_firmware	-	Yes
Hardware	schneider-electric	tsxety110ws	-	No
Operating System	schneider-electric	tsxp574634m_firmware	-	Yes
Hardware	schneider-electric	tsxp574634m	-	No
Operating System	schneider-electric	tsxety110wsc_firmware	-	Yes
Hardware	schneider-electric	tsxety110wsc	-	No
Operating System	schneider-electric	tsxp574823am_firmware	-	Yes
Hardware	schneider-electric	tsxp574823am	-	No
Operating System	schneider-electric	tsxety4103_firmware	-	Yes
Hardware	schneider-electric	tsxety4103	-	No
Operating System	schneider-electric	tsxp574823m_firmware	-	Yes
Hardware	schneider-electric	tsxp574823m	-	No
Operating System	schneider-electric	tsxety4103c_firmware	-	Yes
Hardware	schneider-electric	tsxety4103c	-	No
Operating System	schneider-electric	tsxp574823mc_firmware	-	Yes
Hardware	schneider-electric	tsxp574823mc	-	No
Operating System	schneider-electric	tsxety5103_firmware	-	Yes
Hardware	schneider-electric	tsxety5103	-	No
Operating System	schneider-electric	tsxp575634m_firmware	-	Yes
Hardware	schneider-electric	tsxp575634m	-	No
Operating System	schneider-electric	tsxety5103c_firmware	-	Yes
Hardware	schneider-electric	tsxety5103c	-	No
Operating System	schneider-electric	tsxp576634m_firmware	-	Yes
Hardware	schneider-electric	tsxp576634m	-	No
Operating System	schneider-electric	tsxetz410_firmware	-	Yes
Hardware	schneider-electric	tsxetz410	-	No
Operating System	schneider-electric	tsxwmy100_firmware	-	Yes
Hardware	schneider-electric	tsxwmy100	-	No
Operating System	schneider-electric	tsxetz510_firmware	-	Yes
Hardware	schneider-electric	tsxetz510	-	No
Operating System	schneider-electric	tsxwmy100c_firmware	-	Yes
Hardware	schneider-electric	tsxwmy100c	-	No
Operating System	schneider-electric	tsxntp100_firmware	-	Yes
Hardware	schneider-electric	tsxntp100	-	No
Operating System	schneider-electric	modicon_m580_bmxnoc0402_firmware	-	Yes
Hardware	schneider-electric	modicon_m580_bmxnoc0402	-	No
Operating System	schneider-electric	modicon_m340_bmxnoe0100_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnoe0100	-	No
Operating System	schneider-electric	modicon_m340_bmxnoe0110_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnoe0110	-	No
Operating System	schneider-electric	modicon_m340_bmxnoe0110h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnoe0110h	-	No
Operating System	schneider-electric	modicon_m340_bmxnor0200h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnor0200h	-	No
Operating System	schneider-electric	modicon_m340_bmxp342020_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342020	-	No
Operating System	schneider-electric	modicon_m340_bmxp342020h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342020h	-	No
Operating System	schneider-electric	modicon_m340_bmxp342030_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342030	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420302_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420302	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420302h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420302h	-	No
Operating System	schneider-electric	modicon_m340_bmxp342030h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342030h	-	No
Operating System	schneider-electric	modicon_m340_bmxnoc0401_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnoc0401	-	No
Operating System	schneider-electric	171ccc96020_firmware	-	Yes
Hardware	schneider-electric	171ccc96020	-	No
Operating System	schneider-electric	171ccc96020c_firmware	-	Yes
Hardware	schneider-electric	171ccc96020c	-	No
Operating System	schneider-electric	171ccc96030_firmware	-	Yes
Hardware	schneider-electric	171ccc96030	-	No
Operating System	schneider-electric	171ccc96030c_firmware	-	Yes
Hardware	schneider-electric	171ccc96030c	-	No
Operating System	schneider-electric	171ccc98020_firmware	-	Yes
Hardware	schneider-electric	171ccc98020	-	No
Operating System	schneider-electric	171ccc98030_firmware	-	Yes
Hardware	schneider-electric	171ccc98030	-	No
Operating System	schneider-electric	modicon_m340_bmxnoc0401_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnoc0401	-	No
Operating System	schneider-electric	modicon_m580_bmxnoc0402_firmware	-	Yes
Hardware	schneider-electric	modicon_m580_bmxnoc0402	-	No
Operating System	schneider-electric	modicon_m340_bmxnoe0110_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnoe0110	-	No
Operating System	schneider-electric	modicon_m340_bmxnoe0110h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnoe0110h	-	No
Operating System	schneider-electric	modicon_m340_bmxnor0200h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxnor0200h	-	No
Operating System	schneider-electric	modicon_m340_bmxp342020_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342020	-	No
Operating System	schneider-electric	modicon_m340_bmxp342020h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342020h	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420302_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420302	-	No
Operating System	schneider-electric	modicon_m340_bmxp342030_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342030	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420302h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420302h	-	No
Operating System	schneider-electric	modicon_m340_bmxp342030h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342030h	-	No
Operating System	schneider-electric	tsxetc100_firmware	-	Yes
Hardware	schneider-electric	tsxetc100	-	No
Operating System	schneider-electric	tsxp573623mc_firmware	-	Yes
Hardware	schneider-electric	tsxp573623mc	-	No
Operating System	schneider-electric	tsxety110ws_firmware	-	Yes
Hardware	schneider-electric	tsxety110ws	-	No
Operating System	schneider-electric	tsxp574634m_firmware	-	Yes
Hardware	schneider-electric	tsxp574634m	-	No
Operating System	schneider-electric	tsxety110wsc_firmware	-	Yes
Hardware	schneider-electric	tsxety110wsc	-	No
Operating System	schneider-electric	tsxp574823am_firmware	-	Yes
Hardware	schneider-electric	tsxp574823am	-	No
Operating System	schneider-electric	tsxety4103_firmware	-	Yes
Hardware	schneider-electric	tsxety4103	-	No
Operating System	schneider-electric	tsxp574823m_firmware	-	Yes
Hardware	schneider-electric	tsxp574823m	-	No
Operating System	schneider-electric	tsxety4103c_firmware	-	Yes
Hardware	schneider-electric	tsxety4103c	-	No
Operating System	schneider-electric	tsxp574823mc_firmware	-	Yes
Hardware	schneider-electric	tsxp574823mc	-	No
Operating System	schneider-electric	tsxety5103_firmware	-	Yes
Hardware	schneider-electric	tsxety5103	-	No
Operating System	schneider-electric	tsxp575634m_firmware	-	Yes
Hardware	schneider-electric	tsxp575634m	-	No
Operating System	schneider-electric	tsxety5103c_firmware	-	Yes
Hardware	schneider-electric	tsxety5103c	-	No
Operating System	schneider-electric	tsxp576634m_firmware	-	Yes
Hardware	schneider-electric	tsxp576634m	-	No
Operating System	schneider-electric	tsxetz410_firmware	-	Yes
Hardware	schneider-electric	tsxetz410	-	No
Operating System	schneider-electric	tsxwmy100_firmware	-	Yes
Hardware	schneider-electric	tsxwmy100	-	No
Operating System	schneider-electric	tsxetz510_firmware	-	Yes
Hardware	schneider-electric	tsxetz510	-	No
Operating System	schneider-electric	tsxwmy100c_firmware	-	Yes
Hardware	schneider-electric	tsxwmy100c	-	No
Operating System	schneider-electric	tsxntp100_firmware	-	Yes
Hardware	schneider-electric	tsxntp100	-	No
Operating System	schneider-electric	tsxp571634m_firmware	-	Yes
Hardware	schneider-electric	tsxp571634m	-	No
Operating System	schneider-electric	tsxp572634m_firmware	-	Yes
Hardware	schneider-electric	tsxp572634m	-	No
Operating System	schneider-electric	tsxp573634m_firmware	-	Yes
Hardware	schneider-electric	tsxp573634m	-	No

References

http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/70193 Third Party Advisory, VDB Entry ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01 Third Party Advisory, US Government Resource ([email protected])
http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/70193 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)