CVE-2013-0664

3 documents3 sources

Severity

8.5HIGH

EPSS

1.2%

top 21.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Modicon M340 Schneider-electric Modicon Premium Schneider-electric Modicon Quantum PLC

Timeline

PublishedApr 4

Latest updateMay 17

Description

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages3 packages

▶NVDschneider-electric/modicon_m340bmxnoe0110x

▶NVDschneider-electric/modicon_premiumtsxety5103

▶NVDschneider-electric/modicon_quantum_plc140noe77111, 140nwm10000+1

🔴Vulnerability Details

GHSA

GHSA-rvwq-pwvv-r8jc: The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows rem↗2022-05-17

▶

CVEList

CVE-2013-0664: The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows rem↗2013-04-04

▶