CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric 140cpu65260
HWSchneider-Electricwszystkie wersjeSchneider Electric 140cpu65260 Firmware
OSSchneider-Electric< 6.1Schneider Electric 140noc77101
HWSchneider-Electricwszystkie wersjeSchneider Electric 140noc77101 Firmware
OSSchneider-Electric< 1.08Schneider Electric 140noc78000
HWSchneider-Electricwszystkie wersjeSchneider Electric 140noc78000 Firmware
OSSchneider-Electric< 1.74Schneider Electric 140noe77111
HWSchneider-Electricwszystkie wersjeSchneider Electric 140noe77111 Firmware
OSSchneider-Electric< 7.1Schneider Electric Bmxnoc0401
HWSchneider-Electricwszystkie wersjeSchneider Electric Bmxnoc0401 Firmware
OSSchneider-Electric< 2.10Schneider Electric Bmxnoe0100
HWSchneider-Electricwszystkie wersjeSchneider Electric Bmxnoe0100 Firmware
OSSchneider-Electric< 3.3Schneider Electric Bmxnoe0110
HWSchneider-Electricwszystkie wersjeSchneider Electric Bmxnoe0110 Firmware
OSSchneider-Electric< 6.5Schneider Electric Modicon M340 Bmxp341000
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp341000 Firmware
OSSchneider-Electric< 3.20Schneider Electric Modicon M340 Bmxp342000
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp342000 Firmware
OSSchneider-Electric< 3.20Schneider Electric Modicon M340 Bmxp3420102
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420102 Firmware
OSSchneider-Electric< 3.20Schneider Electric Modicon M340 Bmxp3420302
HWSchneider-Electricwszystkie wersjeSchneider Electric Modicon M340 Bmxp3420302 Firmware
OSSchneider-Electric< 3.20Schneider Electric Tsxety4103
HWSchneider-Electricwszystkie wersjeSchneider Electric Tsxety4103 Firmware
OSSchneider-Electric< 6.2Schneider Electric Tsxety5103
HWSchneider-Electricwszystkie wersjeSchneider Electric Tsxety5103 Firmware
OSSchneider-Electric< 6.4Schneider Electric Tsxp574634
HWSchneider-Electricwszystkie wersjeSchneider Electric Tsxp574634 Firmware
OSSchneider-Electric< 6.1Schneider Electric Tsxp575634
HWSchneider-Electricwszystkie wersjeSchneider Electric Tsxp575634 Firmware
OSSchneider-Electric< 6.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
Powiązane podatności
CVE-2022-37300CRITICAL9.8ten sam produkt
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unaut...
CVE-2021-22779CRITICAL9.1ten sam produkt
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V1...
CVE-2020-7540CRITICAL9.8ten sam produkt
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340...
CVE-2018-7761CRITICAL9.8ten sam produkt
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modic...
CVE-2018-7241CRITICAL9.8ten sam produkt
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR02...