CVE-2015-6462

Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02 US Government Resource Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:bmxnoe0110h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxnoe0110h:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:bmxnor0200h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxnor0200h:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*

History

10 Apr 2024, 12:28

Type Values Removed Values Added
CPE cpe:2.3:h:schneider-electric:bmxp342020h:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmxp342020_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmxp342030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmxp3420302_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxp342030:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmxp3420302h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxp342020:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmxp342020h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxp342030h:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxp3420302h:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:bmxp342030h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:bmxp3420302:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030h:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020h:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302h:-:*:*:*:*:*:*:*
First Time Schneider-electric modicon M340 Bmxp342030h Firmware
Schneider-electric modicon M340 Bmxp342030
Schneider-electric modicon M340 Bmxp342020h Firmware
Schneider-electric modicon M340 Bmxp342020
Schneider-electric modicon M340 Bmxp342030 Firmware
Schneider-electric modicon M340 Bmxp342020 Firmware
Schneider-electric modicon M340 Bmxp342030h
Schneider-electric modicon M340 Bmxp3420302h Firmware
Schneider-electric modicon M340 Bmxp3420302h
Schneider-electric modicon M340 Bmxp3420302
Schneider-electric modicon M340 Bmxp3420302 Firmware
Schneider-electric modicon M340 Bmxp342020h

Information

Published : 2019-03-21 19:29

Updated : 2024-04-10 12:28


NVD link : CVE-2015-6462

Mitre link : CVE-2015-6462

CVE.ORG link : CVE-2015-6462


JSON object : View

Products Affected

schneider-electric

  • modicon_m340_bmxp342030_firmware
  • modicon_m340_bmxp342020h
  • bmxnoe0110h
  • modicon_m340_bmxp342020
  • modicon_m340_bmxp3420302_firmware
  • bmxnoe0110
  • modicon_m340_bmxp342030
  • modicon_m340_bmxp342030h
  • modicon_m340_bmxp3420302
  • modicon_m340_bmxp3420302h
  • modicon_m340_bmxp342020h_firmware
  • modicon_m340_bmxp342030h_firmware
  • modicon_m340_bmxp3420302h_firmware
  • bmxnor0200h
  • bmxnoc0401_firmware
  • bmxnoe0110h_firmware
  • bmxnoe0100
  • bmxnoc0401
  • bmxnoe0100_firmware
  • bmxnor0200h_firmware
  • bmxnoe0110_firmware
  • modicon_m340_bmxp342020_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')