CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| schneider-electric | modicon_m340_bmxp3420302_firmware | 3.20 | - |
| schneider-electric | modicon_m340_bmxp342000_firmware | 3.20 | - |
| schneider-electric | modicon_m340_bmxp341000_firmware |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
17
Affected Products
2
References
schneider-electric / modicon_m340_bmxp3420302_firmware
| 3.20 |
| - |
| schneider-electric | modicon_m340_bmxp3420102_firmware | 3.20 | - |
| schneider-electric | modicon_m340_bmxp3420302_firmware | 3.20 | - |
| schneider-electric | bmxnoe0100_firmware | 3.3 | - |
| schneider-electric | bmxnoe0110_firmware | 6.5 | - |
| schneider-electric | bmxnoc0401_firmware | 2.10 | - |
| schneider-electric | tsxp574634_firmware | 6.1 | - |
| schneider-electric | tsxp575634_firmware | 6.1 | - |
| schneider-electric | tsxp576634_firmware | 6.1 | - |
| schneider-electric | tsxety4103_firmware | 6.2 | - |
| schneider-electric | tsxety5103_firmware | 6.4 | - |
| schneider-electric | 140noe77111_firmware | 7.1 | - |
| schneider-electric | 140noc78000_firmware | 1.74 | - |
| schneider-electric | 140noc77101_firmware | 1.08 | - |
| schneider-electric | 140cpu65260_firmware | 6.1 | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact