Description
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
Exploits (1)
References (4)
Core References
Exploit, Third Party Advisory (x_refsource_exploit-db): https://www.exploit-db.com/exploits/44678/
Vendor Advisory (x_refsource_confirm): http://www.schneider-electric.com/download/ww/en/details/35081317-Vulnerability-Disclosure-for-Quantum-Premium-and-M340/
Vendor Advisory (x_refsource_confirm): http://www.schneider-electric.com/download/ww/en/file/36555639-SEVD-2013-023-01.pdf/?fileName=SEVD-2013-023-01.pdf&reference=SEVD-2013-023-01&docType=Technical-paper
US Government Resource (x_refsource_misc): http://ics-cert.us-cert.gov/pdf/ICSA-13-077-01A.pdf
Scores
EPSS: 0.0037
EPSS Percentile: 58.5%
Details
CWE: CWE-352
Status: published
Products (9)
schneider-electric/modicon_m340: bmxnoc0401
schneider-electric/modicon_m340: bmxnoe011xx
schneider-electric/modicon_m340: bmxnoe0100x
schneider-electric/modicon_premium: tsxety4103
schneider-electric/modicon_premium: tsxety5103
schneider-electric/modicon_premium: tsxwmy100
schneider-electric/modicon_quantum_plc: 140noe77101
schneider-electric/modicon_quantum_plc: 140noe77111
schneider-electric/modicon_quantum_plc: 140nwm10000
Published: Apr 04, 2013
Tracked Since: Feb 18, 2026