CVE-2020-7533

CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 53.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric 140cpu65260 Firmware Schneider-electric 140noc77101 Firmware Schneider-electric 140noc78000 Firmware +13 more

Timeline

PublishedDec 1

Latest updateMay 24

Description

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages16 packages

▶NVDschneider-electric/bmxnoc0401_firmware< 2.10

▶NVDschneider-electric/bmxnoe0100_firmware< 3.3

▶NVDschneider-electric/bmxnoe0110_firmware< 6.5

▶NVDschneider-electric/tsxety4103_firmware< 6.2

▶NVDschneider-electric/tsxety5103_firmware< 6.4

🔴Vulnerability Details

GHSA

GHSA-4wm4-5vmp-66g7: A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Commu↗2022-05-24

▶

CVEList

CVE-2020-7533: CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending↗2020-12-01

▶