CVE-2015-6461
MEDIUMSchneider Electric Modicon BMXNOC0401 and BMXNOE/BMXNOR/BMXP3420 Firmware - Remote File Inclusion via Crafted URL
Title source: llmDescription
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a Java script loaded with the web page.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-15-246-02
Scores
CVSS v3
5.4
EPSS
0.0019
EPSS Percentile
39.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-20
CWE-98
Status
published
Products (11)
schneider-electric/bmxnoc0401_firmware
schneider-electric/bmxnoe0100_firmware
schneider-electric/bmxnoe0110_firmware
schneider-electric/bmxnoe0110h_firmware
schneider-electric/bmxnor0200h_firmware
schneider-electric/modicon_m340_bmxp342020_firmware
schneider-electric/modicon_m340_bmxp342020h_firmware
schneider-electric/modicon_m340_bmxp3420302_firmware
schneider-electric/modicon_m340_bmxp3420302h_firmware
schneider-electric/modicon_m340_bmxp342030_firmware
... and 1 more
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026