| Summary | A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) |
|---|---|
| Publication Date | Feb. 12, 2022, 3:15 a.m. |
| Registration Date | Feb. 12, 2022, 10 a.m. |
| Last Update | Nov. 21, 2024, 2:50 p.m. |
| CVSS3.1 : HIGH | |
| スコア | 7.5 |
|---|---|
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃に必要な特権レベル(PR) | 不要 |
| 利用者の関与(UI) | 不要 |
| 影響の想定範囲(S) | 変更なし |
| 機密性への影響(C) | なし |
| 完全性への影響(I) | なし |
| 可用性への影響(A) | 高 |
| CVSS2.0 : MEDIUM | |
| Score | 5.0 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃前の認証要否(Au) | 不要 |
| 機密性への影響(C) | なし |
| 完全性への影響(I) | なし |
| 可用性への影響(A) | 低 |
| Get all privileges. | いいえ |
| Get user privileges | いいえ |
| Get other privileges | いいえ |
| User operation required | いいえ |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:* | 3.40 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:bmxnor0200h_rtu_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:bmxnor0200h_rtu:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:140noe771x1_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:140noe771x1:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:140noc78x00_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:140noc78x00:-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:* | ||||
| Configuration14 | or higher | or less | more than | less than | |
| cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:* | ||||
| Title | 複数の Schneider Electric 製品における入力確認に関する脆弱性 |
|---|---|
| Summary | 複数の Schneider Electric 製品には、入力確認に関する脆弱性が存在します。 |
| Possible impacts | サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 14, 2021, midnight |
| Registration Date | June 15, 2023, 4:41 p.m. |
| Last Update | June 15, 2023, 4:41 p.m. |
| Schneider Electric |
| 140NOE771x1 ファームウェア |
| BMXNOC0401 ファームウェア |
| BMXNOE0100 ファームウェア |
| BMXNOE0110 ファームウェア |
| BMXNOR0200H RTU ファームウェア |
| BMXP342020 ファームウェア |
| Modicon Quantum 140CPU65150 |
| TSXP574634 ファームウェア |
| TSXP575634 ファームウェア |
| TSXP576634 ファームウェア |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2023年06月15日] 掲載 |
June 15, 2023, 4:41 p.m. |