CVE-2013-0663
published 2013-04-04CVE-2013-0663: Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
EXPLOIT
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | modicon_m340 | — | — |
| schneider-electric | modicon_m340 | — | — |
| schneider-electric | modicon_m340 | — | — |
| schneider-electric | modicon_premium | — | — |
| schneider-electric | modicon_premium | — | — |
| schneider-electric | modicon_premium | — | — |
| schneider-electric | modicon_quantum_plc | — | — |
| schneider-electric | modicon_quantum_plc | — | — |
| schneider-electric | modicon_quantum_plc | — | — |