CVE-2020-7541
Summary
| CVE | CVE-2020-7541 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-11 01:15:00 UTC |
| Updated | 2020-12-14 21:07:00 UTC |
| Description | A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP. |
Risk And Classification
Problem Types: CWE-425
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Notification - Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules | Schneider Electric | CONFIRM | www.se.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590745 Schneider Electric Web Server on Modicon M340 Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules Multiple Vulnerabilities (SEVD-2020-343-03)