Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OT_500223.NASLHistoryNov 08, 2019 - 12:00 a.m.
Schneider-electric Modicom Cross-Site Request Forgery (CSRF)
2019-11-0800:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
0.001 Low
EPSS
Percentile
41.1%
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server.
File data ot_500223.nasl| Vendor | Product | Version | CPE |
|---|---|---|---|
| schneider-electric | modicom_m340_firmware | * | cpe:2.3:o:schneider-electric:modicom_m340_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_m340 | - | cpe:2.3:h:schneider-electric:modicom_m340:-:*:*:*:*:*:*:* |
| schneider-electric | modicom_premium_firmware | * | cpe:2.3:o:schneider-electric:modicom_premium_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_premium | - | cpe:2.3:h:schneider-electric:modicom_premium:-:*:*:*:*:*:*:* |
| schneider-electric | modicom_quantum_firmware | * | cpe:2.3:o:schneider-electric:modicom_quantum_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_quantum | - | cpe:2.3:h:schneider-electric:modicom_quantum:-:*:*:*:*:*:*:* |
| schneider-electric | modicom_bmxnor0200h_firmware | * | cpe:2.3:o:schneider-electric:modicom_bmxnor0200h_firmware:*:*:*:*:*:*:*:* |
| schneider-electric | modicom_bmxnor0200h | - | cpe:2.3:h:schneider-electric:modicom_bmxnor0200h:-:*:*:*:*:*:*:* |
Related
nessus
nessus
Schneider Electric Modicon Cross-site Scripting (CVE-2018-7831)
2022-02-07 00:00:00
cve
cve
CVE-2018-7831
2018-11-30 19:29:00
cvelist
cvelist
CVE-2018-7831
2018-11-30 19:00:00
nvd
nvd
CVE-2018-7831
2018-11-30 19:29:00
prion
prion
Design/Logic Flaw
2018-11-30 19:29:00