CVE-2020-7533

{"id": "CVE-2020-7533", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-12-01T15:15:12.190", "references": [{"url": "https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice", "source": "cybersecurity@se.com"}, {"url": "https://www.se.com/ww/en/download/document/SEVD-2020-287-01/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "CWE-287: Improper Authentication vulnerability exists which could cause the execution of\ncommands on the webserver without authentication when sending specially crafted HTTP\nrequests."}, {"lang": "es", "value": "Una CWE-255: Se presenta una vulnerabilidad Administraci\u00f3n de Credenciales en el Servidor Web en Modicon M340, Modicon Quantum y ofertas ModiconPremium Legacy y sus M\u00f3dulos de Comunicaci\u00f3n (v\u00e9ase la notificaci\u00f3n de seguridad para la informaci\u00f3n de la versi\u00f3n) que podr\u00eda causar una ejecuci\u00f3n de comandos en el servidor web sin autenticaci\u00f3n cuando se env\u00eda peticiones HTTP dise\u00f1adas"}], "lastModified": "2025-06-10T08:15:21.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95", "versionEndExcluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC91F3A5-7032-45DD-8897-0A63FDD25550", "versionEndExcluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D150239-27E2-4CBE-A931-5107C15E362F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA9F5C74-1CF8-47E8-B3AB-2F87FCD25D28", "versionEndExcluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420102_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "486E0121-1C3B-4EDC-9D76-292648A96764", "versionEndExcluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420102:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98212CF5-BCF4-4A55-B62A-484569687B4E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp3420302_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86401BD9-9D3F-4626-A299-6AFD5A7C6A95", "versionEndExcluding": "3.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp3420302:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "354968F7-C41B-4C21-8E47-81DC07DF0EA5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BCDF059-40BF-4A32-9932-A7A744E6F295", "versionEndExcluding": "3.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80FC6FF2-D662-4A57-AAA6-BC04351DC779"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E001828-1A7D-4C8B-95FC-046652D3EF07", "versionEndExcluding": "6.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98F3B055-8919-4E09-9827-288F0A03DAFF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "887976CC-8244-4D86-9941-BA82BC1AB6C2", "versionEndExcluding": "2.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DF08654A-FFCB-47D3-AC82-DF7284548962"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19D112F4-50CB-4EFE-B0EA-43A732A22283", "versionEndExcluding": "6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "76B1122A-56A2-44BB-8648-C6E96D1966D9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EDD6B6C-FF2A-4960-AFD6-9DF4B4F7FD5E", "versionEndExcluding": "6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0678A50-FE23-49BD-A6CF-A7094EFDAFA1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CB6318A-9AEF-4C9D-9678-05208026AC8A", "versionEndExcluding": "6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38F83CCC-4A66-4D47-A563-777A16028F3B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92C280EA-9C52-47A9-AA1E-B0AA9C1F67F2", "versionEndExcluding": "6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18B13865-038C-4073-955A-36E6F5037C2C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C093ECB-B977-4346-9E0E-DC30DD762055", "versionEndExcluding": "6.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A901BF2-9316-4067-9AFC-8A7CB3549F68"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noe77111_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4570480E-3787-4263-AB51-8AD0B62969CB", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noe77111:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CBDCA32-398A-4AC3-A477-DEF9ACD4D3F4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noc78000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD80E512-2D78-4375-8DBB-D12E5F0AF484", "versionEndExcluding": "1.74"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noc78000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "876CE5BA-B45D-4FFD-8176-E26181DAC355"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAA8F733-513D-458A-A1ED-849A3DE8F5FD", "versionEndExcluding": "1.08"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B688E46-6D5B-4197-BBA2-23F361E656E0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:140cpu65260_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "329D4136-B86E-451A-8FF3-7722265889E1", "versionEndExcluding": "6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:140cpu65260:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D7304B0-EE18-454B-B3F0-5EF387285D90"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}