Cross-Site Request Forgery Vulnerability in Modicon CPUs by Schneider Electric
CVE-2020-7534
Key Information:
- Vendor
- Schneider Electric
- Vendor
- CVE Published:
- 4 February 2022
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Schneider Electric's Modicon CPUs, which could potentially allow attackers to execute unauthorized actions and expose sensitive information while a user is logged into the web server. This vulnerability affects various models including Modicon M340, Quantum, and Premium CPUs with integrated Ethernet, as well as specific ethernet modules and communication modules. Proper safeguards should be implemented to mitigate the risks associated with this vulnerability.
Affected Version(s)
Modicon M340 CPUs: BMXP34 (All ), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All ), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All ), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All ), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions)
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved