CVE-2014-0754

03.10.2014, 18:55

Directory traversal vulnerability in SchneiderWEB on Schneider Electric Modicon PLC Ethernet modules 140CPU65x Exec before 5.5, 140NOC78x Exec before 1.62, 140NOE77x Exec before 6.2, BMXNOC0401 before 2.05, BMXNOE0100 before 2.9, BMXNOE0110x Exec before 6.0, TSXETC101 Exec before 2.04, TSXETY4103x Exec before 5.7, TSXETY5103x Exec before 5.9, TSXP57x ETYPort Exec before 5.7, and TSXP57x Ethernet Copro Exec before 5.5 allows remote attackers to visit arbitrary resources via a crafted HTTP request.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:C/I:C/A:C
icscert	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Vendor	Product	Version
schneider-electric	stbnic2212_firmware	-
schneider-electric	stbnip2212_firmware	-
schneider-electric	tsxetc0101_firmware	-
schneider-electric	tsxetc100_firmware	-
schneider-electric	tsxp573623mc_firmware	-
schneider-electric	tsxety110ws_firmware	-
schneider-electric	tsxp574634m_firmware	-
schneider-electric	tsxety110wsc_firmware	-
schneider-electric	tsxp574823am_firmware	-
schneider-electric	tsxety4103_firmware	-
schneider-electric	tsxp574823m_firmware	-
schneider-electric	tsxety4103c_firmware	-
schneider-electric	tsxp574823mc_firmware	-
schneider-electric	tsxety5103_firmware	-
schneider-electric	tsxp575634m_firmware	-
schneider-electric	tsxety5103c_firmware	-
schneider-electric	tsxp576634m_firmware	-
schneider-electric	tsxetz410_firmware	-
schneider-electric	tsxwmy100_firmware	-
schneider-electric	tsxetz510_firmware	-
schneider-electric	tsxwmy100c_firmware	-
schneider-electric	tsxntp100_firmware	-
schneider-electric	modicon_m580_bmxnoc0402_firmware	-
schneider-electric	modicon_m340_bmxnoe0100_firmware	-
schneider-electric	modicon_m340_bmxnoe0110_firmware	-
schneider-electric	modicon_m340_bmxnoe0110h_firmware	-
schneider-electric	modicon_m340_bmxnor0200h_firmware	-
schneider-electric	modicon_m340_bmxp342020_firmware	-
schneider-electric	modicon_m340_bmxp342020h_firmware	-
schneider-electric	modicon_m340_bmxp342030_firmware	-
schneider-electric	modicon_m340_bmxp3420302_firmware	-
schneider-electric	modicon_m340_bmxp3420302h_firmware	-
schneider-electric	modicon_m340_bmxp342030h_firmware	-
schneider-electric	modicon_m340_bmxnoc0401_firmware	-
schneider-electric	171ccc96020_firmware	-
schneider-electric	171ccc96020c_firmware	-
schneider-electric	171ccc96030_firmware	-
schneider-electric	171ccc96030c_firmware	-
schneider-electric	171ccc98020_firmware	-
schneider-electric	171ccc98030_firmware	-
schneider-electric	modicon_m340_bmxnoc0401_firmware	-
schneider-electric	modicon_m580_bmxnoc0402_firmware	-
schneider-electric	modicon_m340_bmxnoe0110_firmware	-
schneider-electric	modicon_m340_bmxnoe0110h_firmware	-
schneider-electric	modicon_m340_bmxnor0200h_firmware	-
schneider-electric	modicon_m340_bmxp342020_firmware	-
schneider-electric	modicon_m340_bmxp342020h_firmware	-
schneider-electric	modicon_m340_bmxp3420302_firmware	-
schneider-electric	modicon_m340_bmxp342030_firmware	-
schneider-electric	modicon_m340_bmxp3420302h_firmware	-
schneider-electric	modicon_m340_bmxp342030h_firmware	-
schneider-electric	tsxetc100_firmware	-
schneider-electric	tsxp573623mc_firmware	-
schneider-electric	tsxety110ws_firmware	-
schneider-electric	tsxp574634m_firmware	-
schneider-electric	tsxety110wsc_firmware	-
schneider-electric	tsxp574823am_firmware	-
schneider-electric	tsxety4103_firmware	-
schneider-electric	tsxp574823m_firmware	-
schneider-electric	tsxety4103c_firmware	-
schneider-electric	tsxp574823mc_firmware	-
schneider-electric	tsxety5103_firmware	-
schneider-electric	tsxp575634m_firmware	-
schneider-electric	tsxety5103c_firmware	-
schneider-electric	tsxp576634m_firmware	-
schneider-electric	tsxetz410_firmware	-
schneider-electric	tsxwmy100_firmware	-
schneider-electric	tsxetz510_firmware	-
schneider-electric	tsxwmy100c_firmware	-
schneider-electric	tsxntp100_firmware	-
schneider-electric	tsxp571634m_firmware	-
schneider-electric	tsxp572634m_firmware	-
schneider-electric	tsxp573634m_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf

http://www.securityfocus.com/bid/70193

https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01

http://download.schneider-electric.com/files?p_Reference=SEVD-2014-260-01&p_EnDocType=Software%20-%20Updates&p_File_Id=608959359&p_File_Name=SEVD-2014-260-01.pdf

http://www.securityfocus.com/bid/70193

https://ics-cert.us-cert.gov/advisories/ICSA-14-273-01