CVE-2020-7535
Summary
| CVE | CVE-2020-7535 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-11 01:15:00 UTC |
| Updated | 2020-12-14 20:38:00 UTC |
| Description | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Notification - Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules | Schneider Electric | CONFIRM | www.se.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 591409 Schneider Electric Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and Associated Communication Modules Path Traversal Vulnerability (SEVD-2020-343-05)