Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-6462

Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.

Published

2019-03-21T19:29:00.317

Last Modified

2024-11-21T02:35:00.833

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	schneider-electric	bmxnoc0401_firmware	-	Yes
Hardware	schneider-electric	bmxnoc0401	-	No
Operating System	schneider-electric	bmxnoe0100_firmware	-	Yes
Hardware	schneider-electric	bmxnoe0100	-	No
Operating System	schneider-electric	bmxnoe0110_firmware	-	Yes
Hardware	schneider-electric	bmxnoe0110	-	No
Operating System	schneider-electric	bmxnoe0110h_firmware	-	Yes
Hardware	schneider-electric	bmxnoe0110h	-	No
Operating System	schneider-electric	bmxnor0200h_firmware	-	Yes
Hardware	schneider-electric	bmxnor0200h	-	No
Operating System	schneider-electric	modicon_m340_bmxp342020_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342020	-	No
Operating System	schneider-electric	modicon_m340_bmxp342020h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342020h	-	No
Operating System	schneider-electric	modicon_m340_bmxp342030_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342030	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420302_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420302	-	No
Operating System	schneider-electric	modicon_m340_bmxp3420302h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp3420302h	-	No
Operating System	schneider-electric	modicon_m340_bmxp342030h_firmware	-	Yes
Hardware	schneider-electric	modicon_m340_bmxp342030h	-	No

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02 Third Party Advisory, US Government Resource ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)