Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0663

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
6.8MEDIUM
EPSS
0.4%
top 41.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Schneider-electric Modicon M340Schneider-electric Modicon PremiumSchneider-electric Modicon Quantum PLC
Timeline
PublishedApr 4
Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

NVDschneider-electric/modicon_m340bmxnoc0401, bmxnoe0100x, bmxnoe011xx+2
NVDschneider-electric/modicon_premiumtsxety4103, tsxety5103, tsxwmy100+2
NVDschneider-electric/modicon_quantum_plc140noe77101, 140noe77111, 140nwm10000+2

🔴Vulnerability Details

2
GHSA
GHSA-4rvg-cqxf-frqm: Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE012022-05-14
CVEList
CVE-2013-0663: Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE012013-04-04

💥Exploits & PoCs

1
Exploit-DB
Schneider Electric PLCs - Cross-Site Request Forgery2018-05-21
CVE-2013-0663 (MEDIUM CVSS 6.8) | Cross-site request forgery (CSRF) v | cvebase.io