TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2020-7533

CRITICAL
9.8

Beschreibung

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/1/2020
Zuletzt geandert6/10/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

schneider-electric:140cpu65260schneider-electric:140cpu65260_firmwareschneider-electric:140noc77101schneider-electric:140noc77101_firmwareschneider-electric:140noc78000schneider-electric:140noc78000_firmwareschneider-electric:140noe77111schneider-electric:140noe77111_firmwareschneider-electric:bmxnoc0401schneider-electric:bmxnoc0401_firmwareschneider-electric:bmxnoe0100schneider-electric:bmxnoe0100_firmwareschneider-electric:bmxnoe0110schneider-electric:bmxnoe0110_firmwareschneider-electric:modicon_m340_bmxp341000schneider-electric:modicon_m340_bmxp341000_firmwareschneider-electric:modicon_m340_bmxp342000schneider-electric:modicon_m340_bmxp342000_firmwareschneider-electric:modicon_m340_bmxp3420102schneider-electric:modicon_m340_bmxp3420102_firmwareschneider-electric:modicon_m340_bmxp3420302schneider-electric:modicon_m340_bmxp3420302_firmwareschneider-electric:tsxety4103schneider-electric:tsxety4103_firmwareschneider-electric:tsxety5103schneider-electric:tsxety5103_firmwareschneider-electric:tsxp574634schneider-electric:tsxp574634_firmwareschneider-electric:tsxp575634schneider-electric:tsxp575634_firmwareschneider-electric:tsxp576634schneider-electric:tsxp576634_firmware

Schwachen (CWE)

CWE-287

Referenzen

https://download.schneider-electric.com/files?p_File_Name=SEVD-2020-287-01_Modicon_Web_Server_Security_Notificatiton.pdf&p_Doc_Ref=SEVD-2020-287-01&p_enDocType=Security+and+Safety+Notice(cybersecurity@se.com)
https://www.se.com/ww/en/download/document/SEVD-2020-287-01/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.