Reflected Cross-Site Scripting Vulnerability in Schneider Electric Modicon Products
CVE-2015-6462

5.4MEDIUM

Key Information:

Vendor: Schneider Electric
Status: Schneider Electric Modicon Plc
Vendor: CVE Published:; 21 March 2019

Summary

This vulnerability allows an attacker to exploit reflected cross-site scripting in Schneider Electric Modicon PLC products. By crafting a specific URL that contains malicious JavaScript, an attacker can cause the code to be executed in the browser of users accessing the affected PLCs. This could lead to unauthorized actions performed on behalf of the user, compromising the security of the affected systems.

Affected Version(s)

Schneider Electric Modicon PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 21, 2019
Vulnerability Reserved
Aug 17, 2015