CVE-2020-7534
HIGH
8.8
CVSS Severity Score
Vulnerability Description
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)
Affected Platforms (CPE)
π»
Schneider Electric
Modicon M340 Bmxp342020 Firmware
All versionsπ»
Schneider Electric
140cpu65 Firmware
All versionsπ»
Schneider Electric
Tsxp57 Firmware
All versionsπ»
Schneider Electric
Bmxnoc0401 Firmware
All versionsπ»
Schneider Electric
Bmxnoe01 Firmware
All versionsπ»
Schneider Electric
Bmxnor0200h Firmware
All versionsπ»
Schneider Electric
140noe77111 Firmware
All versionsπ»
Schneider Electric
140noc78000 Firmware
All versionsπ»
Schneider Electric
Tsxety5103 Firmware
All versionsπ»
Schneider Electric