CVE-2020-7533 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
schneider-electric	modicon_m340_bmxp3420302_firmware	𝑥 < 3.20
schneider-electric	modicon_m340_bmxp342000_firmware	𝑥 < 3.20
schneider-electric	modicon_m340_bmxp341000_firmware	𝑥 < 3.20
schneider-electric	modicon_m340_bmxp3420102_firmware	𝑥 < 3.20
schneider-electric	modicon_m340_bmxp3420302_firmware	𝑥 < 3.20
schneider-electric	bmxnoe0100_firmware	𝑥 < 3.3
schneider-electric	bmxnoe0110_firmware	𝑥 < 6.5
schneider-electric	bmxnoc0401_firmware	𝑥 < 2.10
schneider-electric	tsxp574634_firmware	𝑥 < 6.1
schneider-electric	tsxp575634_firmware	𝑥 < 6.1
schneider-electric	tsxp576634_firmware	𝑥 < 6.1
schneider-electric	tsxety4103_firmware	𝑥 < 6.2
schneider-electric	tsxety5103_firmware	𝑥 < 6.4
schneider-electric	140noe77111_firmware	𝑥 < 7.1
schneider-electric	140noc78000_firmware	𝑥 < 1.74
schneider-electric	140noc77101_firmware	𝑥 < 1.08
schneider-electric	140cpu65260_firmware	𝑥 < 6.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice

https://www.se.com/ww/en/download/document/SEVD-2020-287-01/