TROYANOSYVIRUS
Volver a CVEs

CVE-2020-7533

CRITICAL
9.8

Descripcion

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/1/2020
Ultima modificacion6/10/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

schneider-electric:140cpu65260schneider-electric:140cpu65260_firmwareschneider-electric:140noc77101schneider-electric:140noc77101_firmwareschneider-electric:140noc78000schneider-electric:140noc78000_firmwareschneider-electric:140noe77111schneider-electric:140noe77111_firmwareschneider-electric:bmxnoc0401schneider-electric:bmxnoc0401_firmwareschneider-electric:bmxnoe0100schneider-electric:bmxnoe0100_firmwareschneider-electric:bmxnoe0110schneider-electric:bmxnoe0110_firmwareschneider-electric:modicon_m340_bmxp341000schneider-electric:modicon_m340_bmxp341000_firmwareschneider-electric:modicon_m340_bmxp342000schneider-electric:modicon_m340_bmxp342000_firmwareschneider-electric:modicon_m340_bmxp3420102schneider-electric:modicon_m340_bmxp3420102_firmwareschneider-electric:modicon_m340_bmxp3420302schneider-electric:modicon_m340_bmxp3420302_firmwareschneider-electric:tsxety4103schneider-electric:tsxety4103_firmwareschneider-electric:tsxety5103schneider-electric:tsxety5103_firmwareschneider-electric:tsxp574634schneider-electric:tsxp574634_firmwareschneider-electric:tsxp575634schneider-electric:tsxp575634_firmwareschneider-electric:tsxp576634schneider-electric:tsxp576634_firmware

Debilidades (CWE)

CWE-287

Referencias

https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice(cybersecurity@se.com)
https://www.se.com/ww/en/download/document/SEVD-2020-287-01/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.